General

  • Target

    561b47e434227876ba3657cb681bb31b_JaffaCakes118

  • Size

    404KB

  • Sample

    240718-evcy5avcpl

  • MD5

    561b47e434227876ba3657cb681bb31b

  • SHA1

    c9fb08a81392154fea47389b068cc2c803f229ce

  • SHA256

    a22f28ef4f876cd230e6f5137c3baf87ad63b6bbfa2909c762a358bc75699f5a

  • SHA512

    423e8d34f1bccad81a3f5c445e448a48c89ba4269a97954ab5b016fd7108e8214afe0b031a4244702f7ef30f94bf0de84807735446c25c13ce250b5cd168a81a

  • SSDEEP

    12288:kRuSTDg/kYLfXF62VBTPu7FjpwucdEGe2Ax:kRzT8MeVkFjp1cReF
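
An added example (not the sandbox's own tooling) for checking a candidate file against the identifiers listed above: it computes the four digests the report publishes, matches them case-insensitively against the listed values, and checks that the MD5 embedded in the target name agrees with the MD5 field. The helper names are the example's own; the SSDEEP value is left out because fuzzy hashing needs the external ssdeep tool.

```python
"""Verify a file against the hashes and target name listed in this report.
Added example, not code from the sandbox. Helper names are assumptions."""
import hashlib
import re

# Indicators copied from the report above.
REPORT_IOCS = {
    "md5": "561b47e434227876ba3657cb681bb31b",
    "sha1": "c9fb08a81392154fea47389b068cc2c803f229ce",
    "sha256": "a22f28ef4f876cd230e6f5137c3baf87ad63b6bbfa2909c762a358bc75699f5a",
    "sha512": "423e8d34f1bccad81a3f5c445e448a48c89ba4269a97954ab5b016fd7108e8214"
              "afe0b031a4244702f7ef30f94bf0de84807735446c25c13ce250b5cd168a81a",
}
REPORT_TARGET = "561b47e434227876ba3657cb681bb31b_JaffaCakes118"


def digest_bytes(data):
    """Digest an in-memory blob with every algorithm the report lists."""
    return {name: hashlib.new(name, data).hexdigest() for name in REPORT_IOCS}


def digest_file(path, chunk_size=1 << 20):
    """Same as digest_bytes, but streamed so large samples are not loaded whole."""
    hashers = {name: hashlib.new(name) for name in REPORT_IOCS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def match_iocs(digests, iocs=REPORT_IOCS):
    """Return the set of algorithms whose digest matches the report (case-insensitive).

    Any single match identifies the file; a SHA-256 match with an MD5 mismatch
    would point at a transcription error in the indicator list, not a new sample.
    """
    return {name for name, value in digests.items()
            if name in iocs and value.lower() == iocs[name].lower()}


def target_name_md5(target):
    """Sandbox target names of the form '<md5>_<tag>' embed the MD5; extract it."""
    m = re.fullmatch(r"([0-9a-fA-F]{32})_.+", target)
    return m.group(1).lower() if m else None


if __name__ == "__main__":
    # Constructed input: not the sample, so nothing should match.
    print(match_iocs(digest_bytes(b"constructed placeholder bytes")))
    print(target_name_md5(REPORT_TARGET) == REPORT_IOCS["md5"])
```

Run `digest_file` on the downloaded sample and pass the result to `match_iocs`; an empty set means the file is not the one this report describes.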

Malware Config

Extracted

Family

oski

C2

maurizio.ug

Targets

    • Oski

      Oski is an infostealer that harvests browser data and cryptocurrency wallet files.

    • Reads user/profile data of web browsers

      Infostealers commonly read the stored profile data of installed browsers, which holds saved credentials, cookies and form-fill data.

    • Suspicious use of SetThreadContext

      Writing another thread's context is a common step in process hollowing and similar code injection: a process is started suspended, code is written into it, and its entry point is redirected to that code before the thread is resumed.
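
The three signals above (browser profile reads, the SetThreadContext pattern, and contact with the extracted C2 domain maurizio.ug) can be checked against an API trace. The block below is an added example, not the sandbox's signature code: the one-JSON-object-per-line trace format, the event names, and the trace contents are constructed for the example, and only the C2 domain comes from this report.

```python
"""Triage checks over a constructed sandbox API trace.
Added example; not the sandbox's own signatures. The trace format and the
sample events are assumptions made for illustration."""
import json
from collections import defaultdict

C2_DOMAINS = {"maurizio.ug"}  # from the extracted Oski config in this report

# Browser profile artefacts an infostealer reads (Chromium and Firefox file names).
BROWSER_STORES = (
    "\\Login Data", "\\Web Data", "\\Cookies", "\\Local State",  # Chromium
    "\\logins.json", "\\key4.db", "\\cookies.sqlite",            # Firefox
)
FILE_OPEN_APIS = {"NtCreateFile", "NtOpenFile", "CreateFileW", "CreateFileA"}
CREATE_SUSPENDED = 0x4  # CreateProcess creation flag

# Constructed trace: not captured from the real sample.
SAMPLE_TRACE = """\
{"pid": 1204, "api": "CreateProcessW", "args": {"path": "C:\\\\Windows\\\\SysWOW64\\\\svchost.exe", "flags": 4, "new_pid": 1788}}
{"pid": 1204, "api": "WriteProcessMemory", "args": {"target_pid": 1788, "size": 221184}}
{"pid": 1204, "api": "SetThreadContext", "args": {"target_pid": 1788}}
{"pid": 1204, "api": "ResumeThread", "args": {"target_pid": 1788}}
{"pid": 1788, "api": "NtCreateFile", "args": {"path": "C:\\\\Users\\\\Admin\\\\AppData\\\\Local\\\\Google\\\\Chrome\\\\User Data\\\\Default\\\\Login Data"}}
{"pid": 1788, "api": "NtCreateFile", "args": {"path": "C:\\\\Users\\\\Admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\abc.default\\\\logins.json"}}
{"pid": 1788, "api": "NtCreateFile", "args": {"path": "C:\\\\Users\\\\Admin\\\\Desktop\\\\notes.txt"}}
{"pid": 1788, "api": "InternetConnectA", "args": {"host": "maurizio.ug", "port": 80}}
"""


def parse_trace(text):
    """One JSON event per line; blank lines are skipped."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def browser_store_reads(events):
    """'Reads user/profile data of web browsers': file opens on known credential stores."""
    hits = []
    for ev in events:
        path = ev.get("args", {}).get("path", "")
        if ev["api"] in FILE_OPEN_APIS and any(
                path.lower().endswith(store.lower()) for store in BROWSER_STORES):
            hits.append((ev["pid"], path))
    return hits


def hollowing_sequences(events):
    """'Suspicious use of SetThreadContext': only flag it when the target is a
    process this pid created suspended and wrote into, and it is then resumed."""
    stages = defaultdict(dict)  # (creator_pid, target_pid) -> stages observed
    findings = []
    for ev in events:
        args = ev.get("args", {})
        api = ev["api"]
        if api in ("CreateProcessW", "CreateProcessA") and args.get("flags", 0) & CREATE_SUSPENDED:
            stages[(ev["pid"], args["new_pid"])]["suspended"] = True
            continue
        key = (ev["pid"], args.get("target_pid"))
        if key not in stages:
            continue  # context writes on unrelated threads are not scored here
        seen = stages[key]
        if api == "WriteProcessMemory":
            seen["written"] = True
        elif api == "SetThreadContext" and seen.get("written"):
            seen["context_set"] = True
        elif api == "ResumeThread" and seen.get("context_set"):
            findings.append({"creator": key[0], "hollowed": key[1]})
    return findings


def c2_contacts(events):
    """Any network call whose host is one of the extracted C2 domains."""
    return [(ev["pid"], ev["args"]["host"].lower()) for ev in events
            if ev.get("args", {}).get("host", "").lower() in C2_DOMAINS]


def triage(text):
    events = parse_trace(text)
    return {
        "browser_stores": browser_store_reads(events),
        "hollowing": hollowing_sequences(events),
        "c2": c2_contacts(events),
    }


if __name__ == "__main__":
    for name, result in triage(SAMPLE_TRACE).items():
        print(name, result)
```

The hollowing check deliberately requires the full create-suspended, write, set-context, resume chain: a lone SetThreadContext is also used by debuggers and some legitimate runtimes, so scoring it alone would generate noise.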

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic            | Technique                 | ID        | Count
  ------------------|---------------------------|-----------|------
  Credential Access | Unsecured Credentials     | T1552     | 1
  Credential Access | Credentials In Files      | T1552.001 | 1
  Collection        | Data from Local System    | T1005     | 1
