oski | 52338add561f1e396b0f8377e77bae2a05bcb8d7cc19548dbf9ff8cf0b57cc1f | Triage

Sharing

General

Target

bot.exe
Size

200KB
Sample

240412-b5y3kaeh7x
MD5

3ac80dee855e85c52c0170373af79a04
SHA1

79b6a5708b05b88847b605dfe5271073826ba5f4
SHA256

52338add561f1e396b0f8377e77bae2a05bcb8d7cc19548dbf9ff8cf0b57cc1f
SHA512

0a2eae9404bec953ba84d98c05455b0fd42500c80ab66e8c9ffb19e102a81cb98dd09b82e862dbe15fb142e39165514ff6ac12d6acf47494a73222052923eb3c
SSDEEP

3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIC1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNr1Ljo3c

Score

10^/10

oski infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

62.77.159.212

Targets

- Target
  
  bot.exe
- Size
  
  200KB
- MD5
  
  3ac80dee855e85c52c0170373af79a04
- SHA1
  
  79b6a5708b05b88847b605dfe5271073826ba5f4
- SHA256
  
  52338add561f1e396b0f8377e77bae2a05bcb8d7cc19548dbf9ff8cf0b57cc1f
- SHA512
  
  0a2eae9404bec953ba84d98c05455b0fd42500c80ab66e8c9ffb19e102a81cb98dd09b82e862dbe15fb142e39165514ff6ac12d6acf47494a73222052923eb3c
- SSDEEP
  
  3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fIC1Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNr1Ljo3c
Score

10^/10

oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

Credentials In Files

Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

oskiinfostealerspywarestealer