oski | e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf | Triage

Sharing

General

Target

ExeFile (236).exe
Size

1.2MB
Sample

240820-rh311awcrg
MD5

c361fe1dc05f5d90c1ce35e0d49b6338
SHA1

267aac6007a22ca4c17eabbfe4c71f3194b181d6
SHA256

e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf
SHA512

a1f7a311e03af563d43a2f2d3820d6ac690c99f0edd0ae935df2018205b6e970d14017dd043fd22bc24e956ea483a21116fa1e5b5be4152d3d266a51b9c9d55e
SSDEEP

24576:qQ+JBjAObi4M2rIDTU4fmj6J/d5nTWzim9W7akhWFhepaLSbK:qQGBfbiyrIDovj6l+59W7aApat

Score

10^/10

oski defense_evasion discovery infostealer persistence

Malware Config

Extracted

Family

oski

C2

45.141.84.184

Targets

- Target
  
  ExeFile (236).exe
- Size
  
  1.2MB
- MD5
  
  c361fe1dc05f5d90c1ce35e0d49b6338
- SHA1
  
  267aac6007a22ca4c17eabbfe4c71f3194b181d6
- SHA256
  
  e105e4778abd8cc1d35e0d6b1f0ad17994570ead16764f012270be94de740aaf
- SHA512
  
  a1f7a311e03af563d43a2f2d3820d6ac690c99f0edd0ae935df2018205b6e970d14017dd043fd22bc24e956ea483a21116fa1e5b5be4152d3d266a51b9c9d55e
- SSDEEP
  
  24576:qQ+JBjAObi4M2rIDTU4fmj6J/d5nTWzim9W7akhWFhepaLSbK:qQGBfbiyrIDovj6l+59W7aApat
Score

10^/10

defense_evasion discovery persistence oski infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Manipulates Digital Signatures
  Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.
- Executes dropped EXE
- Loads dropped DLL
- Adds Run key to start application
  persistence
- Deobfuscate/Decode Files or Information
  Payload decoded via CertUtil.
  defense_evasion
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Deobfuscate/Decode Files or Information

Modify Registry

Subvert Trust Controls

SIP and Trust Provider Hijacking

Credential Access

Discovery

Remote System Discovery

System Location Discovery

System Language Discovery

System Network Configuration Discovery

Internet Connection Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

defense_evasiondiscoverypersistence

behavioral2

oskidefense_evasiondiscoveryinfostealerpersistence