oski | 992ddc778bc3af49b9b7c424071cfe0db67dbcee83994debfee421ef4190d473 | Triage

Sharing

General

Target

d3e88703aaa4fe2bfdb0f663744724cc
Size

680KB
Sample

240318-tch5rada8x
MD5

d3e88703aaa4fe2bfdb0f663744724cc
SHA1

a1cc305fefde48e889325437a33a6572e3899654
SHA256

992ddc778bc3af49b9b7c424071cfe0db67dbcee83994debfee421ef4190d473
SHA512

bdfa11eebd000973b83be71a813ae4ecd6aae00cd1f7e6a738f7fcdb07784fe1386c50185bfda697d9c96f1cdb7dd0f45f02e55a319d6ce302179c04980fd8f7
SSDEEP

6144:VSiQrg69Xxsn7TdiQ2IhXAO0eq2+jTuDZR34M8NAWk2KdOAEQYFlX8s41aaST:IPxsn7Td7XFq2+aZwAL2YOAUl8lRST

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

chikkark.xyz

Targets

- Target
  
  d3e88703aaa4fe2bfdb0f663744724cc
- Size
  
  680KB
- MD5
  
  d3e88703aaa4fe2bfdb0f663744724cc
- SHA1
  
  a1cc305fefde48e889325437a33a6572e3899654
- SHA256
  
  992ddc778bc3af49b9b7c424071cfe0db67dbcee83994debfee421ef4190d473
- SHA512
  
  bdfa11eebd000973b83be71a813ae4ecd6aae00cd1f7e6a738f7fcdb07784fe1386c50185bfda697d9c96f1cdb7dd0f45f02e55a319d6ce302179c04980fd8f7
- SSDEEP
  
  6144:VSiQrg69Xxsn7TdiQ2IhXAO0eq2+jTuDZR34M8NAWk2KdOAEQYFlX8s41aaST:IPxsn7Td7XFq2+aZwAL2YOAUl8lRST
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer