oski | b43dde5ca3d23d16af5bf34c522869dff9624a78be67dfc3acde5c81ef24d318 | Triage

Sharing

General

Target

1fbf4813a6c6fd9c55e8f8c8beb200f3_JaffaCakes118
Size

1.2MB
Sample

240329-mmh46seh5y
MD5

1fbf4813a6c6fd9c55e8f8c8beb200f3
SHA1

648e3959c35790655ebaddd1bec2902938cdd540
SHA256

b43dde5ca3d23d16af5bf34c522869dff9624a78be67dfc3acde5c81ef24d318
SHA512

bffb6f378b581650ed74b6e00b28178a94b4584bf841d774bb867debb7b54dd1396c1ae33159c02301b334e8576958836740515efc17a362f56578ac31e7638f
SSDEEP

24576:TWFOBlUXQd4h4RJgaCN2es8nIrJ3hrFxEPw5IMuYU:DB2Ad4acT3IrJhrFxEY5IMuY

Score

10^/10

oski infostealer

Malware Config

Extracted

Family

oski

C2

secureconnection.xyz

Targets

- Target
  
  1fbf4813a6c6fd9c55e8f8c8beb200f3_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  1fbf4813a6c6fd9c55e8f8c8beb200f3
- SHA1
  
  648e3959c35790655ebaddd1bec2902938cdd540
- SHA256
  
  b43dde5ca3d23d16af5bf34c522869dff9624a78be67dfc3acde5c81ef24d318
- SHA512
  
  bffb6f378b581650ed74b6e00b28178a94b4584bf841d774bb867debb7b54dd1396c1ae33159c02301b334e8576958836740515efc17a362f56578ac31e7638f
- SSDEEP
  
  24576:TWFOBlUXQd4h4RJgaCN2es8nIrJ3hrFxEPw5IMuYU:DB2Ad4acT3IrJhrFxEY5IMuY
Score

10^/10

oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Scheduled Task/Job

Privilege Escalation

Scheduled Task/Job

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealer

behavioral2

oskiinfostealer