oski | 652ff7f52f0e2d6bdd5a0f36f4b24c4dafc8aab7d5236db91b77267650cdb140 | Triage

Sharing

General

Target

958327f65e87da599ad05ad82897f730_JaffaCakes118
Size

597KB
Sample

240402-yfp5pabe8s
MD5

958327f65e87da599ad05ad82897f730
SHA1

3bf2631dd0877733ec2a005b7de033bb468fb2ca
SHA256

652ff7f52f0e2d6bdd5a0f36f4b24c4dafc8aab7d5236db91b77267650cdb140
SHA512

0c6a8422f13f9205186d5c529fcc5ab9293a4c77a3a2d7602dca2748ace7684f8a5d4f739cb073de83fcd285fe187d39fb96d80360ec15de9c1615afb8f450cb
SSDEEP

12288:ShvSUOwrXUH/l+O+Z2HNdjIde1148gsGBMvo0:6KU7Efl+O+Z2HN31m8NG2w

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

chrisproperties.xyz

Targets

- Target
  
  958327f65e87da599ad05ad82897f730_JaffaCakes118
- Size
  
  597KB
- MD5
  
  958327f65e87da599ad05ad82897f730
- SHA1
  
  3bf2631dd0877733ec2a005b7de033bb468fb2ca
- SHA256
  
  652ff7f52f0e2d6bdd5a0f36f4b24c4dafc8aab7d5236db91b77267650cdb140
- SHA512
  
  0c6a8422f13f9205186d5c529fcc5ab9293a4c77a3a2d7602dca2748ace7684f8a5d4f739cb073de83fcd285fe187d39fb96d80360ec15de9c1615afb8f450cb
- SSDEEP
  
  12288:ShvSUOwrXUH/l+O+Z2HNdjIde1148gsGBMvo0:6KU7Efl+O+Z2HN31m8NG2w
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer