MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

OskiStealer

Vendor detections: 10

Intelligence 10 IOCs YARA 3 File information Comments

SHA256 hash:	6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee
SHA3-384 hash:	cf8e0842bfcd7d9c9929b48e78ba9d874bfb5ec029f32525e84dde0b43872add2c79b4a18d735c488f9f55cd00b8b368
SHA1 hash:	2110f85d2637343e45a167e36903e7534c7bbfa4
MD5 hash:	91157209ad82927373b6974bb6a1f70a
humanhash:	maryland-illinois-california-monkey
File name:	SecuriteInfo.com.Win32.Malware-gen.27257.31327
Download:	download sample
Signature	OskiStealer Create hunting rule
File size:	11'559'134 bytes
First seen:	2024-01-22 18:28:01 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	f6baa5eaa8231d4fe8e922a2e6d240ea (36 x CoinMiner, 22 x DCRat, 15 x LummaStealer)
ssdeep	196608:Ogj0I86pP/a3A3lAWDh6NtNPc577Iy32d+M45RkydnBpPA:OgjZ8mVAWDuN27IWk+dgCnBm
Threatray	440 similar samples on MalwareBazaar
TLSH	T1B0C6330266C34C78C4A024BE9603EAA85BBF5E859F789CC77756620BE51C7C6C772B0D
TrID	43.3% (.EXE) Microsoft Visual C++ compiled executable (generic) (16529/12/5) 27.6% (.EXE) Win64 Executable (generic) (10523/12/4) 13.2% (.EXE) Win16 NE executable (generic) (5038/12/1) 5.3% (.EXE) OS/2 Executable (generic) (2029/13) 5.2% (.EXE) Generic Win/DOS Executable (2002/3)
File icon (PE):
dhash icon	c0e492a9acb68a04 (1 x CobaltStrike, 1 x OskiStealer)
Reporter	SecuriteInfoCom
Tags:	exe OskiStealer

Intelligence

File Origin

# of uploads :

# of downloads :

340

Origin country :

Vendor Threat Intelligence

Detection:

n/a

Link:

https://www.capesandbox.com/analysis/472343/

Detection(s):

SecuriteInfo.com.Win32.Malware-gen.27257.31327.UNOFFICIAL

Result

Verdict:

Clean

Maliciousness:

Behaviour

Creating a window

Verdict:

Malicious

Threat level:

10/10

Confidence:

100%

Tags:

fingerprint hook keylogger lolbin overlay packed shell32

Link:

https://www.filescan.io/uploads/65aeb3bfcaf820370f586d33/reports/213c9152-dd5f-43ab-901b-b95055ed2df2/overview

Verdict:

Malicious

Labled as:

Win/grayware_confidence_70%

Link:

https://www.hybrid-analysis.com/sample/6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee

Result

Verdict:

MALICIOUS

Verdict:

Suspicious

Link:

https://analyze.intezer.com/analyses/2bc27989-bb41-4d12-bb01-a9e4fc67a648

Result

Threat name:

n/a

Detection:

malicious

Classification:

spyw

Score:

60 / 100

Link:

https://www.joesandbox.com/analysis/1378950

Signature

Antivirus / Scanner detection for submitted sample

Contains functionality to register a low level keyboard hook

Multi AV Scanner detection for submitted file

Behaviour

Behavior Graph:

Download SVG

Score:

31%

Verdict:

Susipicious

File Type:

Link:

https://malprob.io/report/6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee

Detection:

n/a

Link:

https://mwdb.cert.pl/sample/6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee/

Threat name:

Win32.Trojan.Generic

Status:

Malicious

First seen:

2022-11-04 00:48:53 UTC

File Type:

PE (Exe)

Extracted files:

AV detection:

6 of 38 (15.79%)

Threat level:

2/5

Detection(s):

Suspicious file

Link:

https://check.spamhaus.org/check/?searchterm=n3y5zhoxu4pdlcgin2pvcbmuco5vxkgmp3pnvydnk4kq5hzr6dxa._file

Verdict:

unknown

OskiStealer

6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee

OskiStealer

8257b6d9db2a0054895b3afaf01e40a3dfb56bdf7195865097201cc6c1e38edf

OskiStealer

84f515bfed1a8fa9f055a9f3bddb3851618ce0b0b940a5d548aadc24c19362bb

OskiStealer

8ca51ea9c184a9158e890bdefc538f7c49cfbbd33c19f3fadca0c03490a5b707

OskiStealer

aa89562efabab44187a1813c2ad73254d12e6ef92ede28d0a6054ee1ea09a175

OskiStealer

c89400e70500cd0faad8ea9d0c8d3cc2fc58408c1123dd3fbcd02e80d4bbed65

OskiStealer

f53626ef5370de09cfbc55c497ff9058066f3c5a18d9caead5ee4c594e2fb57a

OskiStealer

+ 430 additional samples on MalwareBazaar

Result

Malware family:

n/a

Score:

1/10

Tags:

n/a

Link:

https://tria.ge/reports/240122-w4dqfsceh4/

Behaviour

Suspicious behavior: GetForegroundWindowSpam

Unpacked files

SH256 hash:

f0326b0f458ee8283df11d7ec6b82e7e8567d5ac7cb7c8aa84cda063540e3acf

MD5 hash:

2f84b70e58afa393d775da3e1ac5e490

SHA1 hash:

04a52192cfa64ea48dab130dfbf02e80068253cd

Link:

https://www.unpac.me/results/c72cbbed-cfa1-432e-99cd-10166197faeb/

SH256 hash:

e8241731c036122f09b57c556eace451b4a8a4fa2fa2e63a6b4318b25e49e7e3

MD5 hash:

43f59d21a2ce8ea54b3cccdedc813c87

SHA1 hash:

34837e86e8f11b57c07e6544ffa49e99e699f1ad

Detections:

win_oski_g0

Link:

https://www.unpac.me/results/c72cbbed-cfa1-432e-99cd-10166197faeb/

SH256 hash:

7659f35e9457fa3c1674e3ac278907bc3b4571299ee4afc2aa0b9d5e3e7c5eed

MD5 hash:

c71da4ec3176aa4ff48f3e957b9fa344

SHA1 hash:

864acd2973ca8feb6bf6c0762eec735742360faa

Link:

https://www.unpac.me/results/c72cbbed-cfa1-432e-99cd-10166197faeb/

SH256 hash:

6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee

MD5 hash:

91157209ad82927373b6974bb6a1f70a

SHA1 hash:

2110f85d2637343e45a167e36903e7534c7bbfa4

Link:

https://www.unpac.me/results/c72cbbed-cfa1-432e-99cd-10166197faeb/

Please note that we are no longer able to provide a coverage score for Virus Total.

Threat name:

Malicious File

Score:

1.00

Link:

https://yomi.yoroi.company/submissions/6ef1dc9dd7a71e3588c86e9f51059413bb5ba8cc7ededae06d57150e9f31f0ee

YARA Signatures

MalwareBazaar uses YARA rules from several public and non-public repositories, such as YARAhub and Malpedia. Those are being matched against malware samples uploaded to MalwareBazaar as well as against any suspicious process dumps they may create. Please note that only results from TLP:CLEAR rules are being displayed.

Rule name:	BitcoinAddress Create hunting rule
Author:	Didier Stevens (@DidierStevens)
Description:	Contains a valid Bitcoin address

Rule name:	PE_Digital_Certificate Create hunting rule
Author:	albertzsigovits

Rule name:	PE_Potentially_Signed_Digital_Certificate Create hunting rule
Author:	albertzsigovits

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Cape

https://www.capesandbox.com/analysis/472343/

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample