oski | dda5d47308c0ebcb2555cda19b4c05a88d633396909456b9ee5fcee42e197724 | Triage

Sharing

General

Target

c7ab84a215a60e703e2906f68a1bae13_JaffaCakes118
Size

544KB
Sample

240405-cc4ysahb6y
MD5

c7ab84a215a60e703e2906f68a1bae13
SHA1

e1e57a74e28d8016f074da9cda4b68ab04b1737f
SHA256

dda5d47308c0ebcb2555cda19b4c05a88d633396909456b9ee5fcee42e197724
SHA512

106b653700a6f6cb9b77738648c71efc1096cf6dea253e49763b5e1e33eb2a29db5a60ae5bfecb9ba5e67dd392b3c6289ec4574219caf89e4a96bc186f097d5e
SSDEEP

12288:8MkzW+vUdJ8GHOdE+aTi4CgaOJju1+MtPQRtIdSB:8LeXRuEjTiwJjuEPdB

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

chrisproperties.xyz

Targets

- Target
  
  c7ab84a215a60e703e2906f68a1bae13_JaffaCakes118
- Size
  
  544KB
- MD5
  
  c7ab84a215a60e703e2906f68a1bae13
- SHA1
  
  e1e57a74e28d8016f074da9cda4b68ab04b1737f
- SHA256
  
  dda5d47308c0ebcb2555cda19b4c05a88d633396909456b9ee5fcee42e197724
- SHA512
  
  106b653700a6f6cb9b77738648c71efc1096cf6dea253e49763b5e1e33eb2a29db5a60ae5bfecb9ba5e67dd392b3c6289ec4574219caf89e4a96bc186f097d5e
- SSDEEP
  
  12288:8MkzW+vUdJ8GHOdE+aTi4CgaOJju1+MtPQRtIdSB:8LeXRuEjTiwJjuEPdB
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2

oskiinfostealerspywarestealer