General

  • Target

    90a2d295d4e5950379bba11c562c6d70_JaffaCakes118

  • Size

    804KB

  • Sample

    241123-ztx8wssnej

  • MD5

    90a2d295d4e5950379bba11c562c6d70

  • SHA1

    088a10386ddfb15aef4c74666719f88b6eb91506

  • SHA256

    84881b1a60042a853baf05ca0dcfdbdb85c72edfc8c6d46493fe6e4f6697b2f6

  • SHA512

    3635140742bb2c27b9d6b922ecbdc9ff547a24019821a47b8094eda005973b8d2130af82830e6aa72fcdb397c994997eece1c9306d68218d61c16cb3375e0f90

  • SSDEEP

    12288:yjYTIwsaZUj43HOZGkocfj/YwIlfZkJOT7y5s+7:yj/wsGcfrQRkc7Mr7

Malware Config

Extracted

Family

oski

C2

samsungprod.xyz

Targets

    • Target

      90a2d295d4e5950379bba11c562c6d70_JaffaCakes118

    • Size

      804KB

    • MD5

      90a2d295d4e5950379bba11c562c6d70

    • SHA1

      088a10386ddfb15aef4c74666719f88b6eb91506

    • SHA256

      84881b1a60042a853baf05ca0dcfdbdb85c72edfc8c6d46493fe6e4f6697b2f6

    • SHA512

      3635140742bb2c27b9d6b922ecbdc9ff547a24019821a47b8094eda005973b8d2130af82830e6aa72fcdb397c994997eece1c9306d68218d61c16cb3375e0f90

    • SSDEEP

      12288:yjYTIwsaZUj43HOZGkocfj/YwIlfZkJOT7y5s+7:yj/wsGcfrQRkc7Mr7

    • Oski

      Oski is an infostealer targeting browser data, crypto wallets.

    • Oski family

    • Command and Scripting Interpreter: PowerShell

      Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials etc.

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks