oski | 223dfd54929007ac23d6a20dbcf81a519a14f1c4061d23afcb761b75796042d2 | Triage

Sharing

General

Target

da484abefb23789c13add9ecd7ea7eeb
Size

693KB
Sample

240321-bdq8msga34
MD5

da484abefb23789c13add9ecd7ea7eeb
SHA1

cf0098c51761c3c9b860cdfd290734f0d1657bba
SHA256

223dfd54929007ac23d6a20dbcf81a519a14f1c4061d23afcb761b75796042d2
SHA512

380d3227555739a95ae2514fbe1f24882cbf91db508339837aee2fc6d1ac1c5a7feabcef9bf87ebc8b4efe6fa1f142f2ad9efd595899875fd1e416aa1965d368
SSDEEP

6144:eR5RLb7fVUQdGoKtqyknjzIaC+APzRXks3ccv78vSvFvvUvsvlvzvLvbv+vhvtDf:eR5NVbdjKcVPIjPzRXks3rgpES

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

http://2.56.59.226/www/

Targets

- Target
  
  da484abefb23789c13add9ecd7ea7eeb
- Size
  
  693KB
- MD5
  
  da484abefb23789c13add9ecd7ea7eeb
- SHA1
  
  cf0098c51761c3c9b860cdfd290734f0d1657bba
- SHA256
  
  223dfd54929007ac23d6a20dbcf81a519a14f1c4061d23afcb761b75796042d2
- SHA512
  
  380d3227555739a95ae2514fbe1f24882cbf91db508339837aee2fc6d1ac1c5a7feabcef9bf87ebc8b4efe6fa1f142f2ad9efd595899875fd1e416aa1965d368
- SSDEEP
  
  6144:eR5RLb7fVUQdGoKtqyknjzIaC+APzRXks3ccv78vSvFvvUvsvlvzvLvbv+vhvtDf:eR5NVbdjKcVPIjPzRXks3rgpES
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2