oski | 0de7c8162475fd23b09cdf728f0e90cf25250d0173befbfc4f8f3e59da9d4ef6 | Triage

Sharing

General

Target

e1808a961fe59c96882ce11133d4b8d1_JaffaCakes118
Size

457KB
Sample

240915-cmndsazhne
MD5

e1808a961fe59c96882ce11133d4b8d1
SHA1

041e2777f1ea56ef08554185ca592d81a7f3241f
SHA256

0de7c8162475fd23b09cdf728f0e90cf25250d0173befbfc4f8f3e59da9d4ef6
SHA512

d727f8abdfeb938e5627e6d37879d01af623624ebfe39106b48e808619431011f8e7feab3f70bef0035e6dc5847a1a874a00150414f380a7b07828a54f47f137
SSDEEP

12288:3s0ha9d1cQ15S/vOZYnuPyCNbrMUF8GxfK:3s0hqcdUhmCC

Score

10^/10

oski discovery infostealer

Malware Config

Extracted

Family

oski

C2

195.133.147.113

Targets

- Target
  
  e1808a961fe59c96882ce11133d4b8d1_JaffaCakes118
- Size
  
  457KB
- MD5
  
  e1808a961fe59c96882ce11133d4b8d1
- SHA1
  
  041e2777f1ea56ef08554185ca592d81a7f3241f
- SHA256
  
  0de7c8162475fd23b09cdf728f0e90cf25250d0173befbfc4f8f3e59da9d4ef6
- SHA512
  
  d727f8abdfeb938e5627e6d37879d01af623624ebfe39106b48e808619431011f8e7feab3f70bef0035e6dc5847a1a874a00150414f380a7b07828a54f47f137
- SSDEEP
  
  12288:3s0ha9d1cQ15S/vOZYnuPyCNbrMUF8GxfK:3s0hqcdUhmCC
Score

10^/10

oski discovery infostealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

oskidiscoveryinfostealer

behavioral2

oskidiscoveryinfostealer