oski | 31a1d8675119dec79be24b8bad138c65511892a0687496144b5b4134bf7e28cd | Triage

Sharing

General

Target

e2f583f15a2390792451250cad2a4870_JaffaCakes118
Size

1.2MB
Sample

240406-wq6t3sff82
MD5

e2f583f15a2390792451250cad2a4870
SHA1

20a2e3fda22d56998409163705897c82b66dcccb
SHA256

31a1d8675119dec79be24b8bad138c65511892a0687496144b5b4134bf7e28cd
SHA512

2e400a265442ea652c6a38b3faf6965ab03d9b7c80ed4a85d23e5e82397bfbf041f121e274b47eb692e7ae2b6b997ced38e1f17b6f93e94aad4f3de4bb0b9555
SSDEEP

24576:Pwj78OnD4D2AgtKQLexBJ6YOp0e3K8Ky12UY2it4L0VWFco/f:Ijt5YC0AyUHkYO8f

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

himarkh.xyz

Targets

- Target
  
  PURCHASE ORDER AZAS112.xls.xll
- Size
  
  880KB
- MD5
  
  4ebc548df517cae4c7e3122e9c75ede6
- SHA1
  
  6e19e1e6f3a7b96cf562c2f6768f92580652d427
- SHA256
  
  6c67e1ccf77b872b1f3cf257a257d75c4995dc079945080f578b51357ccdbe55
- SHA512
  
  359be199470a83ad32db555840c5b33a6b69db96cc188d83d550639fe9fe75464529819fdf0cded9d489cb7ba03802667ac373d3ad2a3f7e4069b023c8508290
- SSDEEP
  
  24576:/zbGHAzHAjX1BcLgtBoKF0KihRPX0qFNE:/ziHILEV6Fm
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

oskiinfostealerspywarestealer