oski | acaa6723efbef5d53904d2d8e69d3c3e3f09a9e08cb17e1e79b00583316609c6 | Triage

Sharing

General

Target

d69b90af0812b7634f0214cd46f54ae0
Size

842KB
Sample

240319-t6xj8shd4x
MD5

d69b90af0812b7634f0214cd46f54ae0
SHA1

37e03ed8fa0e16a1e317c25bdf06bb0ab0565839
SHA256

acaa6723efbef5d53904d2d8e69d3c3e3f09a9e08cb17e1e79b00583316609c6
SHA512

50ad7203c97c5c43ab479b3503889686ef2f81e41779e7db9984ba068583c64a03c15a9eaf8b03c0c094c209060a40facaba6bbeb0f55298f7e6c0b750f6547e
SSDEEP

24576:voR6qgvRqwva/KnBPH2QYncjgngjobuytTN:Asjk1/KnJHqncjgbbbdN

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

193.142.58.164/www/

Targets

- Target
  
  d69b90af0812b7634f0214cd46f54ae0
- Size
  
  842KB
- MD5
  
  d69b90af0812b7634f0214cd46f54ae0
- SHA1
  
  37e03ed8fa0e16a1e317c25bdf06bb0ab0565839
- SHA256
  
  acaa6723efbef5d53904d2d8e69d3c3e3f09a9e08cb17e1e79b00583316609c6
- SHA512
  
  50ad7203c97c5c43ab479b3503889686ef2f81e41779e7db9984ba068583c64a03c15a9eaf8b03c0c094c209060a40facaba6bbeb0f55298f7e6c0b750f6547e
- SSDEEP
  
  24576:voR6qgvRqwva/KnBPH2QYncjgngjobuytTN:Asjk1/KnJHqncjgbbbdN
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealer