oski | cd986b32c220cc04c9feb5e42a393fb34efc884d176e6d8d266e54ac4840cfa3 | Triage

Submit
Reports

Overview

overview

Static

static

Oski Cracked.exe

windows10-1703-x64

Oski Cracked.exe

windows7-x64

Oski Cracked.exe

windows10-2004-x64

Oski Cracked.exe

windows11-21h2-x64

Sharing

General

Target

Oski Cracked.exe
Size

4.5MB
Sample

240516-wdvlaage36
MD5

a52baa5b64635eec7c7b888bff016aac
SHA1

a86b895b483df3c657553f498ebcd9c97b89415f
SHA256

cd986b32c220cc04c9feb5e42a393fb34efc884d176e6d8d266e54ac4840cfa3
SHA512

bed140ed03ed4b5da82edf1139eced7c84a56fe75f5a8926002414ed0b8f25fbb6cbf9e3111ff6d9b5d942382be331a674f17cf10b2150f171f32276ad4b3980
SSDEEP

98304:iJCbuSMburCaMZh0yEKj+WRvrY1dcZ048HV/bFy8jJ7APB:8mMbuQZlFY7KsZPNA

Score

10^/10

oski quasar venomrat vilva v3 evasion infostealer rat rootkit spyware stealer trojan

Static task

static1

4 signatures

Behavioral task

behavioral1

Sample

Oski Cracked.exe

Resource

win10-20240404-en

oski quasar venomrat vilva v3 evasion infostealer rat rootkit spyware stealer trojan

windows10-1703-x64

16 signatures

30 seconds

Behavioral task

behavioral2

Sample

Oski Cracked.exe

Resource

win7-20240508-en

oski quasar venomrat vilva v3 evasion infostealer rat rootkit spyware stealer trojan

windows7-x64

18 signatures

30 seconds

Behavioral task

behavioral3

Sample

Oski Cracked.exe

Resource

win10v2004-20240426-en

oski quasar vilva v3 infostealer spyware trojan

windows10-2004-x64

6 signatures

30 seconds

Behavioral task

behavioral4

Sample

Oski Cracked.exe

Resource

win11-20240508-en

oski quasar venomrat vilva v3 evasion infostealer rat rootkit spyware stealer trojan

windows11-21h2-x64

16 signatures

30 seconds

Malware Config

Extracted

Family

quasar

Attributes

reconnect_delay
3000

Extracted

Family

quasar

Version

2.1.0.0

Botnet

VILVA V3

C2

67.213.221.18:7812

Mutex

VNM_MUTEX_DR6NAzaayWgRGuLNpp

Attributes

encryption_key
izGdDJVzqIzRDlXcooB4
install_name
Windows Defender Security.exe
log_directory
Logs
reconnect_delay
3000
startup_key
Windows Service
subdirectory
WindowsDir

Targets

- Target
  
  Oski Cracked.exe
- Size
  
  4.5MB
- MD5
  
  a52baa5b64635eec7c7b888bff016aac
- SHA1
  
  a86b895b483df3c657553f498ebcd9c97b89415f
- SHA256
  
  cd986b32c220cc04c9feb5e42a393fb34efc884d176e6d8d266e54ac4840cfa3
- SHA512
  
  bed140ed03ed4b5da82edf1139eced7c84a56fe75f5a8926002414ed0b8f25fbb6cbf9e3111ff6d9b5d942382be331a674f17cf10b2150f171f32276ad4b3980
- SSDEEP
  
  98304:iJCbuSMburCaMZh0yEKj+WRvrY1dcZ048HV/bFy8jJ7APB:8mMbuQZlFY7KsZPNA
Score

10^/10

oski quasar venomrat vilva v3 evasion infostealer rat rootkit spyware stealer trojan
- Contains code to disable Windows Defender
  A .NET executable tasked with disabling Windows Defender capabilities such as realtime monitoring, blocking at first seen, etc.
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Quasar RAT
  Quasar is an open source Remote Access Tool.
  trojan spyware quasar
- Quasar payload
- VenomRAT
  VenomRAT is a modified version of QuasarRAT with some added features, such as rootkit and stealer capabilites.
  rat rootkit stealer venomrat
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Looks up external IP address via web service
  Uses a legitimate IP lookup service to find the infected system's external IP.
behavioral1 behavioral2 behavioral3 behavioral4

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

Persistence

Create or Modify System Process

Windows Service

Scheduled Task/Job

Privilege Escalation

Create or Modify System Process

Windows Service

Scheduled Task/Job

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Remote System Discovery

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskiquasarvenomratvilva v3evasioninfostealerratrootkitspywarestealertrojan

behavioral2

oskiquasarvenomratvilva v3evasioninfostealerratrootkitspywarestealertrojan

behavioral3

oskiquasarvilva v3infostealerspywaretrojan

behavioral4

oskiquasarvenomratvilva v3evasioninfostealerratrootkitspywarestealertrojan

© 2018-2024

Terms | Privacy