General
-
Target
5e45692f423e4f683e1c246679e6d572_JaffaCakes118
-
Size
301KB
-
Sample
240720-af7gza1brb
-
MD5
5e45692f423e4f683e1c246679e6d572
-
SHA1
bdc1cf9aa3625fc0d514628a55c767c8ed07e17b
-
SHA256
d40dedd7f637a1ef9703b582a6d536469d1cf62bddc1a462a9cceeb7f9194f13
-
SHA512
93de1b3cc9601adc6af8c2bdedec1633dfd82cc6a09d327836df2af628423db52174e1d9f6a241045a9ef593f0edd65e2b3a2797a64cbed73b2c54231ba0692c
-
SSDEEP
6144:8DKW1Lgbdl0TBBvjc/VddFYZF2IqG4qKBNDgEpxpAvtWbROF2:qh1Lk70TnvjcndMFJSPBNDvGvwbRe2
Malware Config
Extracted
oski
no1geekfun.com/surce/a/
Targets
-
-
Target
5e45692f423e4f683e1c246679e6d572_JaffaCakes118
-
Size
301KB
-
MD5
5e45692f423e4f683e1c246679e6d572
-
SHA1
bdc1cf9aa3625fc0d514628a55c767c8ed07e17b
-
SHA256
d40dedd7f637a1ef9703b582a6d536469d1cf62bddc1a462a9cceeb7f9194f13
-
SHA512
93de1b3cc9601adc6af8c2bdedec1633dfd82cc6a09d327836df2af628423db52174e1d9f6a241045a9ef593f0edd65e2b3a2797a64cbed73b2c54231ba0692c
-
SSDEEP
6144:8DKW1Lgbdl0TBBvjc/VddFYZF2IqG4qKBNDgEpxpAvtWbROF2:qh1Lk70TnvjcndMFJSPBNDvGvwbRe2
Score10/10-
Oski
Oski is an infostealer targeting browser data, crypto wallets.
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-