General

  • Target

    JaffaCakes118_8d97f71457a0a2977a82571583306c26

  • Size

    396KB

  • Sample

    250105-fvnlasvndr

  • MD5

    8d97f71457a0a2977a82571583306c26

  • SHA1

    936800c740c13a3fc2e05a1c1376007f58002a7d

  • SHA256

    a7c9e0bba10b853dd183f2c6b732bd0e1001f1a7b455007dc3022ff465b7797f

  • SHA512

    5708375538d7b9927784809912a0b0588e200aaf62668226b9b83c2c4879306d989bef3033807bd7bb8989a56b58b2369b42327968f23f2dddc6d9b2975c51f5

  • SSDEEP

    12288:7ycqterR53JplKiFwgxtQ9LdQAGAHUq/uzK6UA8t9HHHHHHHHHIHHHHHHczJXNAG:7QtervJXzQ9L

Malware Config

Extracted

Family

oski

C2

forum.daffodil-bd.com

Targets

    • Oski

      Oski is an infostealer targeting browser data and crypto wallets.

    • Oski family

    • Reads user/profile data of web browsers

      Infostealers often target stored browser data, which can include saved credentials, among other sensitive data.

    • Adds Run key to start application

    • Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15
