oski | 5cd0759c1e566b6e74ef3f29a49a34a08ded2dc44408fccd41b5a9845573a34c | Triage

Sharing

General

Target

5cd0759c1e566b6e74ef3f29a49a34a08ded2dc44408fccd41b5a9845573a34c.bin
Size

680KB
Sample

240327-ehtq4sfb6s
MD5

bc7f80814ad63a035fbf8e0b67b02155
SHA1

a7d76dd02b12bb250f9f42101fda1fa235154710
SHA256

5cd0759c1e566b6e74ef3f29a49a34a08ded2dc44408fccd41b5a9845573a34c
SHA512

ac336b61ad93d51e68784350d59d56d08ac947426c3570ed7f0dfbbbdfce24bd0c495c6f626d3edeb8de47a0f0a3a09701b33b78dbb7a7a1e0b1cd32f8d0991a
SSDEEP

6144:nSiQrg69p5Ozn2zdCQ2I8EXAOteqM+Z4q6NHnfmDZET62KGUXtkJwov56hL:eBIzn2zd6EX6qM+Z4qufG6/PUyJw+A

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

himarkh.xyz

Targets

- Target
  
  5cd0759c1e566b6e74ef3f29a49a34a08ded2dc44408fccd41b5a9845573a34c.bin
- Size
  
  680KB
- MD5
  
  bc7f80814ad63a035fbf8e0b67b02155
- SHA1
  
  a7d76dd02b12bb250f9f42101fda1fa235154710
- SHA256
  
  5cd0759c1e566b6e74ef3f29a49a34a08ded2dc44408fccd41b5a9845573a34c
- SHA512
  
  ac336b61ad93d51e68784350d59d56d08ac947426c3570ed7f0dfbbbdfce24bd0c495c6f626d3edeb8de47a0f0a3a09701b33b78dbb7a7a1e0b1cd32f8d0991a
- SSDEEP
  
  6144:nSiQrg69p5Ozn2zdCQ2I8EXAOteqM+Z4q6NHnfmDZET62KGUXtkJwov56hL:eBIzn2zd6EX6qM+Z4qufG6/PUyJw+A
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Drops file in System32 directory
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2