oski | 608e74643884b5e54701cf0e7a15dbf18ff2a86676f94b118ff1dafa3b4e03dd | Triage

Sharing

General

Target

5249cba6e9ad2cc38bb1dd7fa259e854_JaffaCakes118
Size

418KB
Sample

240331-kxd7vshb4y
MD5

5249cba6e9ad2cc38bb1dd7fa259e854
SHA1

518e393a330d5edbb88c4d059df35ecfb634ccb7
SHA256

608e74643884b5e54701cf0e7a15dbf18ff2a86676f94b118ff1dafa3b4e03dd
SHA512

cf1b31bd9cb9358de9b3acbe03222ff90fd0f9ecaca6c4a7bea3f5b97ceae5f60ab06833d6f7dca2fd69798260d9a328145c08aa4189f2fbac5db041b1b9aa16
SSDEEP

6144:Yz3ogwdGRIHLeJs3dfn2Vjcn/Vgth59QFCMSiBtX3Y42Tv25aoZ1Y:YroNdpCJEf2VIn/Vs3SCgrYFkNS

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

samkoproducts.xyz

Targets

- Target
  
  5249cba6e9ad2cc38bb1dd7fa259e854_JaffaCakes118
- Size
  
  418KB
- MD5
  
  5249cba6e9ad2cc38bb1dd7fa259e854
- SHA1
  
  518e393a330d5edbb88c4d059df35ecfb634ccb7
- SHA256
  
  608e74643884b5e54701cf0e7a15dbf18ff2a86676f94b118ff1dafa3b4e03dd
- SHA512
  
  cf1b31bd9cb9358de9b3acbe03222ff90fd0f9ecaca6c4a7bea3f5b97ceae5f60ab06833d6f7dca2fd69798260d9a328145c08aa4189f2fbac5db041b1b9aa16
- SSDEEP
  
  6144:Yz3ogwdGRIHLeJs3dfn2Vjcn/Vgth59QFCMSiBtX3Y42Tv25aoZ1Y:YroNdpCJEf2VIn/Vs3SCgrYFkNS
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer