Extracted

• • Target

    a716d9eeea5b456cfdec69a1b34ccc96_JaffaCakes118

  • Size

    985KB

  • MD5

    a716d9eeea5b456cfdec69a1b34ccc96

  • SHA1

    e757774843c0305a05ee18159f180ae71511c45b

  • SHA256

    890c9830635eb1674ed15a65790905fbe3ad80eb087ee7433e6da159ddc5cb00

  • SHA512

    d5516c9b71a21db1867c7861ec472626de5969bf1293eea7a8964830401435cc0b73f9673e768b6652a8611a539331911aa3df6527c3a5daf61cf43ac25a1104

  • SSDEEP

    24576:yQHyDJBjAObi4M2rIDTU4fmj6J/d28+buJqQlxTB8mv:yQSdBfbiyrIDovj6ldnkQlVB3

  Score

  10^/10

  persistenceoskiinfostealerspywarestealer

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Adds Run key to start application

    persistence

  • Suspicious use of SetThreadContext

  behavioral1behavioral2