oski | d83a8f3a3475132ef153741a21858652a2f03a4e62d56f6864c8800fb0a0da45 | Triage

Sharing

General

Target

e480e28c74a635845673fd030eb47734_JaffaCakes118
Size

268KB
Sample

240407-ke6t6ahd84
MD5

e480e28c74a635845673fd030eb47734
SHA1

913f51d9deee32c6953a3ce9fbe04dd85f4c78f1
SHA256

d83a8f3a3475132ef153741a21858652a2f03a4e62d56f6864c8800fb0a0da45
SHA512

620d5be5d4874d5f89b2d301e9900fb25c11cf1630c5fd901e8d34e71ea3c467931e3b284bb16309e26a81a79ba1abd945c20ea908917e378fdac356c54e1571
SSDEEP

6144:mU2ggwQt/uqv8uLjPMRnuCKc8E46U+mxHYQsl4DrNr1Hzkmct/036YFTKT:mU1HKc8EnIN5ssrNrumcS36Y6

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

nedu1994.xyz

Targets

- Target
  
  e480e28c74a635845673fd030eb47734_JaffaCakes118
- Size
  
  268KB
- MD5
  
  e480e28c74a635845673fd030eb47734
- SHA1
  
  913f51d9deee32c6953a3ce9fbe04dd85f4c78f1
- SHA256
  
  d83a8f3a3475132ef153741a21858652a2f03a4e62d56f6864c8800fb0a0da45
- SHA512
  
  620d5be5d4874d5f89b2d301e9900fb25c11cf1630c5fd901e8d34e71ea3c467931e3b284bb16309e26a81a79ba1abd945c20ea908917e378fdac356c54e1571
- SSDEEP
  
  6144:mU2ggwQt/uqv8uLjPMRnuCKc8E46U+mxHYQsl4DrNr1Hzkmct/036YFTKT:mU1HKc8EnIN5ssrNrumcS36Y6
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiinfostealerspywarestealer

behavioral2