Extracted

• • Target

    90a2d295d4e5950379bba11c562c6d70_JaffaCakes118

  • Size

    804KB

  • MD5

    90a2d295d4e5950379bba11c562c6d70

  • SHA1

    088a10386ddfb15aef4c74666719f88b6eb91506

  • SHA256

    84881b1a60042a853baf05ca0dcfdbdb85c72edfc8c6d46493fe6e4f6697b2f6

  • SHA512

    3635140742bb2c27b9d6b922ecbdc9ff547a24019821a47b8094eda005973b8d2130af82830e6aa72fcdb397c994997eece1c9306d68218d61c16cb3375e0f90

  • SSDEEP

    12288:yjYTIwsaZUj43HOZGkocfj/YwIlfZkJOT7y5s+7:yj/wsGcfrQRkc7Mr7

  Score

  10^/10

  oskidiscoveryexecutioninfostealerspywarestealer

  • Oski

    Oski is an infostealer targeting browser data, crypto wallets.

    infostealeroski

  • Oski family

    oski

  • Command and Scripting Interpreter: PowerShell

    Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    execution

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Suspicious use of SetThreadContext

  behavioral1behavioral2