Extracted

• • Target

    ExeFile (339).exe

  • Size

    861KB

  • MD5

    c20ef4961ce6eb9dd5654242ec1b418c

  • SHA1

    076cb25979115c1a5baa95807f993c90f629c524

  • SHA256

    80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352

  • SHA512

    e518cd58bcab49e1359d6e60fe71a12c40d6c3f3e8dcfbf974848edb901231b8bd70271fc64f55c0cd8777e975ffee08b17607e4c4bd9744a4193b2a5739a9a2

  • SSDEEP

    24576:ZQqPByJzhAfD7MjzlR7m8Sdu3ar3kxggWq:ZQqZ0z0MjHy8mxrgl

  Score

  10^/10

  oskidefense_evasiondiscoveryinfostealerpersistence

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Manipulates Digital Signatures

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • Executes dropped EXE

  • Loads dropped DLL

  • Adds Run key to start application

    persistence

  • Deobfuscate/Decode Files or Information

    Payload decoded via CertUtil.

    defense_evasion

  • Suspicious use of SetThreadContext

  behavioral1behavioral2