General

  • Target

    ddde6fc0ce346b0ab7bb0c8c02a09d33

  • Size

    1.2MB

  • Sample

    240325-naw1yaha3z

  • MD5

    ddde6fc0ce346b0ab7bb0c8c02a09d33

  • SHA1

    1067652f21fd05902288613746b5e2ea79bd07f9

  • SHA256

    a375d88a6666e7101b4f582ea0239033e4716e883ecb301245011e9c58054a9c

  • SHA512

    66a92b7f14371069d78876add097fb8f847755eff95edd846939566f0ce219b686f265c8a57dbe6e19e5f12145bfbfcccff09371413a758005d1aee7d8490c49

  • SSDEEP

    12288:PYhxa6BTGO/NkJWZeZQCmdjVv6LZRsXdmSLem2Vg4miT9UJESs6IcWByCcRQUBqh:PYv5CmHAIOsBgo0q4wMPnpx2XP4iO1H

Malware Config

Extracted

Family

oski

C2

fine.le-pearl.com
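
One way to turn the indicators above into a check a responder can run, as an added example that is not part of the sandbox report: compute the same four digests the General section lists for a file and compare them field by field, and scan DNS log lines for the extracted C2 domain (matching on label boundaries so a look-alike such as `notfine.le-pearl.com` is not reported). The hash values and the domain are copied from this page; the function names, the chunk size and the log lines are constructed for illustration.

```python
"""IOC checks built from the sandbox report (added example, not the report's
own code). Hashes and the C2 domain are copied from the page; the helper
names and the sample log lines below are constructed."""
import hashlib
import re
from typing import Dict, List

# Indicators taken from the report's General and Malware Config sections.
SAMPLE_HASHES = {
    "md5": "ddde6fc0ce346b0ab7bb0c8c02a09d33",
    "sha1": "1067652f21fd05902288613746b5e2ea79bd07f9",
    "sha256": "a375d88a6666e7101b4f582ea0239033e4716e883ecb301245011e9c58054a9c",
    "sha512": "66a92b7f14371069d78876add097fb8f847755eff95edd846939566f0ce219b6"
              "86f265c8a57dbe6e19e5f12145bfbfcccff09371413a758005d1aee7d8490c49",
}
C2_DOMAINS = {"fine.le-pearl.com"}

# Constructed DNS log lines for the demo (not from the report).
SAMPLE_DNS_LOG = [
    "2024-03-25T10:01:02Z client=10.0.0.15 query=A name=fine.le-pearl.com",
    "2024-03-25T10:01:05Z client=10.0.0.15 query=A name=www.example.com",
    "2024-03-25T10:02:11Z client=10.0.0.22 query=A name=cdn.fine.le-pearl.com",
    "2024-03-25T10:03:40Z client=10.0.0.30 query=A name=notfine.le-pearl.com",
]


def file_hashes(data: bytes) -> Dict[str, str]:
    """Compute the same four digests the report lists for an in-memory blob."""
    return {name: hashlib.new(name, data).hexdigest() for name in SAMPLE_HASHES}


def hash_file(path: str) -> Dict[str, str]:
    """Stream a file through all four digests in one pass (1 MiB chunks)."""
    hashers = {name: hashlib.new(name) for name in SAMPLE_HASHES}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def matches_sample(hashes: Dict[str, str]) -> List[str]:
    """Return the names of the digests that equal the report's values.
    Hex is compared case-insensitively. A partial match (say md5 agrees but
    sha256 does not) is worth a second look rather than a dismissal."""
    return [name for name, value in hashes.items()
            if SAMPLE_HASHES.get(name, "").lower() == value.lower()]


# Separator characters that may precede or follow a hostname in a log line.
_SEP = r'[\s=:,"]'
_C2_PATTERN = re.compile(
    r"(?:^|" + _SEP + r")(?:[\w-]+\.)*("
    + "|".join(re.escape(d) for d in sorted(C2_DOMAINS))
    + r")(?=$|" + _SEP + r"|/)",
    re.IGNORECASE,
)


def c2_hits(dns_log_lines: List[str]) -> List[str]:
    """Return log lines whose queried name is the C2 domain or a subdomain
    of it. Plain substring search would also flag 'notfine.le-pearl.com',
    so the match is anchored on label boundaries."""
    return [line for line in dns_log_lines if _C2_PATTERN.search(line)]


if __name__ == "__main__":
    print("digests of b'abc' matching the sample:", matches_sample(file_hashes(b"abc")))
    for hit in c2_hits(SAMPLE_DNS_LOG):
        print("C2 hit:", hit)
```

Run `hash_file()` against a suspect binary and pass the result to `matches_sample()`; a full match on all four digests confirms the file is this sample, while the DNS check gives a first pivot for hosts that resolved the C2.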

Targets

    • Oski

      Oski is an infostealer that harvests browser data and cryptocurrency wallets.

    • CustAttr .NET packer

      Detects the CustAttr .NET packer in memory.

    • Checks computer location settings

      Looks up the country code configured in the registry, likely for geofencing.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks