General

  • Target: dfd577445daa4705c75e7695d43613c0N.exe
  • Size: 885KB
  • Sample: 240830-yn3qrasdnd
  • MD5: dfd577445daa4705c75e7695d43613c0
  • SHA1: de5fd2f958bd270c80e831d3f77fa1ba9a74db30
  • SHA256: 5756d366cde65c7e11ea6ee20610e854f64e385c74ca2ea712ad5d718d1f5b56
  • SHA512: b82db0c4eb7998850b14f98260653e03e7ef872836afc8e57f5557b570809e9ad2863ef79e35cb600d0fa387676525dee420b0bfd4d777804dbe2f0edc9361b6
  • SSDEEP: 6144:jBYFJLgGlXQG0VWHlKuA0UvErhHNhzAsmUvzPusCNPfxlpk8Lk+xdansUT:jGXQG0OhisnRmUvr4NPJzk8jdezT

Malware Config

Extracted

  • Family: oski
  • C2: kelbro.xyz

Targets

  • Target: dfd577445daa4705c75e7695d43613c0N.exe
  • Size: 885KB
  • MD5: dfd577445daa4705c75e7695d43613c0
  • SHA1: de5fd2f958bd270c80e831d3f77fa1ba9a74db30
  • SHA256: 5756d366cde65c7e11ea6ee20610e854f64e385c74ca2ea712ad5d718d1f5b56
  • SHA512: b82db0c4eb7998850b14f98260653e03e7ef872836afc8e57f5557b570809e9ad2863ef79e35cb600d0fa387676525dee420b0bfd4d777804dbe2f0edc9361b6
  • SSDEEP: 6144:jBYFJLgGlXQG0VWHlKuA0UvErhHNhzAsmUvzPusCNPfxlpk8Lk+xdansUT:jGXQG0OhisnRmUvr4NPJzk8jdezT

  Signatures

  • Oski
    Oski is an infostealer targeting browser data and crypto wallets.

  • Credentials from Password Stores: Credentials from Web Browsers
    Malicious access to, or copying of, a web browser credential store.

  • Reads user/profile data of web browsers
    Infostealers often target stored browser data, which can include saved credentials.

  • Suspicious use of SetThreadContext

MITRE ATT&CK Matrix (ATT&CK v13)

  Tactic             Technique                          Count  ID
  -----------------  ---------------------------------  -----  ---------
  Credential Access  Credentials from Password Stores   1      T1555
  Credential Access  Credentials from Web Browsers      1      T1555.003
  Credential Access  Unsecured Credentials              1      T1552
  Credential Access  Credentials In Files               1      T1552.001
  Discovery          System Location Discovery          1      T1614
  Discovery          System Language Discovery          1      T1614.001
  Collection         Data from Local System             1      T1005

Tasks