oski | 7b05d46b12945a754e07915535b5c977078818b088ce5de1a31ff40b3c2bef61 | Triage

Sharing

General

Target

1ab68861cbb539af250899445e168233_JaffaCakes118
Size

1.2MB
Sample

241007-brsnmaxarq
MD5

1ab68861cbb539af250899445e168233
SHA1

e4299a99e197c034b76f9415acb599c810f4f659
SHA256

7b05d46b12945a754e07915535b5c977078818b088ce5de1a31ff40b3c2bef61
SHA512

3ce1f719220f13fafb5fc07d0c8def676fd717ecf3e068088b0e0bf35b686866b0e9adc4cd051fd2990f46df5b120e365e77b93b8f6ff5863297a3fcd6a6a518
SSDEEP

24576:DzbGHAzHKjX1rBY4ZyrE7K3yl8PeVooA/AB2LEgpUqY/CL+elRtA3k0yy3l4VzCa:DziHILpUhxel6k0yyW094

Score

10^/10

oski discovery infostealer spyware stealer

Malware Config

Extracted

Family

oski

C2

himarkh.xyz

Targets

- Target
  
  1ab68861cbb539af250899445e168233_JaffaCakes118
- Size
  
  1.2MB
- MD5
  
  1ab68861cbb539af250899445e168233
- SHA1
  
  e4299a99e197c034b76f9415acb599c810f4f659
- SHA256
  
  7b05d46b12945a754e07915535b5c977078818b088ce5de1a31ff40b3c2bef61
- SHA512
  
  3ce1f719220f13fafb5fc07d0c8def676fd717ecf3e068088b0e0bf35b686866b0e9adc4cd051fd2990f46df5b120e365e77b93b8f6ff5863297a3fcd6a6a518
- SSDEEP
  
  24576:DzbGHAzHKjX1rBY4ZyrE7K3yl8PeVooA/AB2LEgpUqY/CL+elRtA3k0yy3l4VzCa:DziHILpUhxel6k0yyW094
Score

10^/10

discovery oski infostealer spyware stealer
- Oski
  Oski is an infostealer targeting browser data, crypto wallets.
  infostealer oski
- Executes dropped EXE
- Loads dropped DLL
- Reads user/profile data of web browsers
  Infostealers often target stored browser data, which can include saved credentials etc.
  spyware stealer
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

Credentials from Web Browsers

Unsecured Credentials

Credentials In Files

Discovery

Query Registry

System Information Discovery

System Location Discovery

System Language Discovery

Lateral Movement

Collection

Data from Local System

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

behavioral2

oskidiscoveryinfostealerspywarestealer