MalwareBazaar Database

You are currently viewing the MalwareBazaar entry for SHA256 b56f704d8baea24179931e0f4efe389e4fb6175c7fb83c49d31aac5ab1e00a03. While MalwareBazaar tries to identify whether the sample provided is malicious or not, there is no guarantee that a sample in MalwareBazaar is malicious.

Database Entry

Threat unknown

Vendor detections: 4

Intelligence 4 IOCs YARA File information Comments

SHA256 hash:	b56f704d8baea24179931e0f4efe389e4fb6175c7fb83c49d31aac5ab1e00a03
SHA3-384 hash:	7e9c0c2a2761bb25f64f20dc595e75af127b303a40bf226f1564086088b64f7b94a0783d2189b988356a1deb166967ae
SHA1 hash:	73f241236361841541f196dae1cecde3d3f776bb
MD5 hash:	d15ff09dd1c482c95748147357375b8e
humanhash:	carolina-victor-ack-island
File name:	SecuriteInfo.com.Win32.Packed.Themida.HMM.7966
Download:	download sample
File size:	1'576'976 bytes
First seen:	2020-06-07 22:47:26 UTC
Last seen:	Never
File type:	exe
MIME type:	application/x-dosexec
imphash	430300c6431de6d32572cb6b4354d70b (5 x ArkeiStealer)
ssdeep	49152:KsDbdaOcaEijbsRgGtnepIxb2ta+cHiBU8BUuOJg4ttQQpYsOVSUDOr0i5gqVQ:KgESbsRgGtnepIxb2ta+cHiBU8BUuOJw
Threatray	33 similar samples on MalwareBazaar
TLSH	3B75E0708741ABA7D80606FBE61676B11DEF9C6B81F012CDB82E345ADBBC1337356606
Reporter	SecuriteInfoCom

Intelligence

File Origin

# of uploads :

1

# of downloads :

66

Origin country :

n/a

Vendor Threat Intelligence

Detection(s):

SecuriteInfo.com.Win32.Packed.Themida.HMM.7966.UNOFFICIAL

Gathering data

Threat name:

Win32.Trojan.Chapak

Status:

Malicious

First seen:

2020-06-07 20:11:19 UTC

AV detection:

21 of 28 (75.00%)

Threat level:

5/5

Verdict:

malicious

Similar samples:

1571b2ee13c7552f19b2fffc1c3f7dc63dffa8652d0cfa32136852629763018d

433811102726bc15416ca338a2df55ec1daaf3f2565ee00d7f6484064746fb30

484ff6267219f9eb4794c1f20aaa9562a459e0d1a787743592b1532eda3be541

5b113b08d25005c3195b8144e422bdd1a2f866fc3cf9d6bc641f006539e97e07

610ef8befe605dd4ba3277c221c25932ffd6e1b939728da70ebd0d1b96fddaa4

68e0c8bcb14bc94813d8c6494966d1f32b60ccca1fb9d80996707abeee3d2db5

8cd9ff6a88e32c22bc217df94c45075bc145f0263d0e151180fe9651d8826e57

99b9b649c59745f1544c91ffe35dad1e1529c9cb6715325c95ee396bbe3db2ab

b833d79953fe177a48a5832ce2606c41d00f0d5b9bd31ceb25d3055a3850c2f7

e9e9a0314ec1302997e3382807436f43a70e0dc2c165aafa6b5b8f3856d04d0d

+ 23 additional samples on MalwareBazaar

Result

Malware family:

oski

Score:

10/10

Tags:

family:oski evasion infostealer spyware trojan

Link:

https://tria.ge/reports/201109-l7esllg23j/

Behaviour

Suspicious use of NtSetInformationThreadHideFromDebugger

Checks whether UAC is enabled

Accesses cryptocurrency files/wallets, possible credential harvesting

Checks BIOS information in registry

Reads user/profile data of web browsers

Identifies VirtualBox via ACPI registry values (likely anti-VM)

Oski

Please note that we are no longer able to provide a coverage score for Virus Total.

File information

The table below shows additional information about this malware sample such as delivery method and external references.

Web download

exe b56f704d8baea24179931e0f4efe389e4fb6175c7fb83c49d31aac5ab1e00a03

(this sample)

URLhaus

https://urlhaus.abuse.ch/url/382875/

Delivery method

Distributed via web download

Comments

Login required

You need to login to in order to write a comment. Login with your abuse.ch account.

No comments found for this malware sample