General

  • Target

    2024-07-07_7104e2ade44c390cb87033f2249b0c97_karagany_mafia

  • Size

    200KB

  • Sample

    240707-zp5geayakr

  • MD5

    7104e2ade44c390cb87033f2249b0c97

  • SHA1

    4bf5bb0f68490be78b3e8a8133e1a79c47432ed0

  • SHA256

    6d575812a701f3cbf081873989914976287e46a9cc8d732bd83ac7f6944ceb98

  • SHA512

    1c7760b0302a2839fa8783aa81a8d4f8ea7313397d57c0a8c4c4d9820c4da57766c993a50a4804bbb0a1c7bd591fccafcfa283c9d50f95408663b8cf3897cd98

  • SSDEEP

    3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fI21Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNf1Ljo3c

Malware Config

Targets

    • Target

      2024-07-07_7104e2ade44c390cb87033f2249b0c97_karagany_mafia

    • Size

      200KB

    • MD5

      7104e2ade44c390cb87033f2249b0c97

    • SHA1

      4bf5bb0f68490be78b3e8a8133e1a79c47432ed0

    • SHA256

      6d575812a701f3cbf081873989914976287e46a9cc8d732bd83ac7f6944ceb98

    • SHA512

      1c7760b0302a2839fa8783aa81a8d4f8ea7313397d57c0a8c4c4d9820c4da57766c993a50a4804bbb0a1c7bd591fccafcfa283c9d50f95408663b8cf3897cd98

    • SSDEEP

      3072:WfUomEuYm98dlSq7gt5q7Dx+XgS6aCEwhOfUbCalNT2pbB3fI21Xi6FLPo3c:WfUauY68uSWCx+XA7mg2pNf1Ljo3c

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Loads dropped DLL

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Accesses cryptocurrency files/wallets, possible credential harvesting

    • Checks installed software on the system

      Looks up Uninstall key entries in the registry to enumerate software on the system.

MITRE ATT&CK Matrix ATT&CK v13

Credential Access

Unsecured Credentials

2
T1552

Credentials In Files

2
T1552.001

Discovery

Query Registry

3
T1012

System Information Discovery

3
T1082

Collection

Data from Local System

2
T1005

Tasks