oski | 2672e663c20a2695b2b4dadb2162bb7fe8c037d34eaa9660181dd529fa0c04d0 | Triage

Sharing

General

Target

c5e62282e79fc994c3eea5ab5669a671_JaffaCakes118
Size

458KB
Sample

240827-216jyswcjc
MD5

c5e62282e79fc994c3eea5ab5669a671
SHA1

b3324b6272dc54ac34989d7af595064286c6870f
SHA256

2672e663c20a2695b2b4dadb2162bb7fe8c037d34eaa9660181dd529fa0c04d0
SHA512

32ef996dc8223ca0fd25c14fb6a6298295ee5ea9d56483e201c1d86497c76ed6fefe3154607847e0ffa0fed3306c9d5b0ffa9caabc3e243438639eb311e0974d
SSDEEP

12288:XQblpwnI74DSDRBvGHyNpFk11f/xTsCoE1Z8XrvFFF4lYu3:XUpizDXykYu

Score

10^/10

oski discovery infostealer

Malware Config

Extracted

Family

oski

C2

45.8.228.100

Targets

- Target
  
  c5e62282e79fc994c3eea5ab5669a671_JaffaCakes118
- Size
  
  458KB
- MD5
  
  c5e62282e79fc994c3eea5ab5669a671
- SHA1
  
  b3324b6272dc54ac34989d7af595064286c6870f
- SHA256
  
  2672e663c20a2695b2b4dadb2162bb7fe8c037d34eaa9660181dd529fa0c04d0
- SHA512
  
  32ef996dc8223ca0fd25c14fb6a6298295ee5ea9d56483e201c1d86497c76ed6fefe3154607847e0ffa0fed3306c9d5b0ffa9caabc3e243438639eb311e0974d
- SSDEEP
  
  12288:XQblpwnI74DSDRBvGHyNpFk11f/xTsCoE1Z8XrvFFF4lYu3:XUpizDXykYu
Score

10^/10

oski discovery infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealer

behavioral2

oskidiscoveryinfostealer