General

  • Target

    c20ef4961ce6eb9dd5654242ec1b418c_JaffaCakes118

  • Size

    861KB

  • Sample

    240826-cd1yhsycpg

  • MD5

    c20ef4961ce6eb9dd5654242ec1b418c

  • SHA1

    076cb25979115c1a5baa95807f993c90f629c524

  • SHA256

    80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352

  • SHA512

    e518cd58bcab49e1359d6e60fe71a12c40d6c3f3e8dcfbf974848edb901231b8bd70271fc64f55c0cd8777e975ffee08b17607e4c4bd9744a4193b2a5739a9a2

  • SSDEEP

    24576:ZQqPByJzhAfD7MjzlR7m8Sdu3ar3kxggWq:ZQqZ0z0MjHy8mxrgl

Malware Config

Extracted

Family

oski

C2

45.141.84.184

Targets

    • Target

      c20ef4961ce6eb9dd5654242ec1b418c_JaffaCakes118

    • Size

      861KB

    • MD5

      c20ef4961ce6eb9dd5654242ec1b418c

    • SHA1

      076cb25979115c1a5baa95807f993c90f629c524

    • SHA256

      80199402b66d52742db427b0a59c869d3629e2b503c8e84b0d17789db414c352

    • SHA512

      e518cd58bcab49e1359d6e60fe71a12c40d6c3f3e8dcfbf974848edb901231b8bd70271fc64f55c0cd8777e975ffee08b17607e4c4bd9744a4193b2a5739a9a2

    • SSDEEP

      24576:ZQqPByJzhAfD7MjzlR7m8Sdu3ar3kxggWq:ZQqZ0z0MjHy8mxrgl

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Manipulates Digital Signatures

      Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

    • Executes dropped EXE

    • Loads dropped DLL

    • Adds Run key to start application

    • Deobfuscate/Decode Files or Information

      Payload decoded via CertUtil.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks