Full Report
2025-04-30 • ZAYOTEM • Tamer Burak Telseren • win.oski Open article on Malpedia
Analysis Summary
Since the provided context is only the title and metadata of a report ("Oski Stealer Technical Analysis Report 2025") rather than the actual content detailing the TTPs, capabilities, or IOCs, the summary must state that specific details are missing and provide a structure based on what is known about the subject (Oski Stealer).
# Tool/Technique: Oski Stealer
## Overview
Oski Stealer is a known malware family primarily focused on information theft from compromised Windows systems. Its main purpose is to harvest sensitive data, including credentials, cryptocurrency wallet information, saved passwords, and browser cookies, for exfiltration to the threat actor.
## Technical Details
- Type: Malware family (Infostealer)
- Platform: Windows (Inferred from typical infostealer deployment and associated context, though specific confirmation requires report content)
- Capabilities: Information theft, credential scraping, browser data harvesting.
- First Seen: Information unavailable from the provided context.
## MITRE ATT&CK Mapping
*Detection/Analysis requires accessing the full report. The following are *typical* mappings for an information stealer like Oski:*
- [TA0010 - Credential Access]
- [T1003 - OS Credential Dumping]
- [T1056 - Input Capture]
- [T1056.001 - Keylogging]
- [TA0011 - Collection]
- [T1119 -<bos> Machine Data Collection]
- [TA0010 - Exfiltration]
- [T1567 - Exfiltration Over Web Service]
## Functionality
### Core Capabilities
- Harvesting credentials from various applications (e.g., email clients, FTP clients).
- Stealing data stored in major web browsers (cookies, history, saved passwords).
- Targeting cryptocurrency wallets and related files.
### Advanced Features
- Specific advanced features are unknown without accessing the full 2025 Technical Analysis Report.
## Indicators of Compromise
Indicator details (Hashes, C2s, specific file paths) are not available in the provided metadata.
- File Hashes: [Information unavailable]
- File Names: [Information unavailable]
- Registry Keys: [Information unavailable]
- Network Indicators: [Information unavailable (defanged)]
- Behavioral Indicators: [Information unavailable]
## Associated Threat Actors
Associated threat actors utilizing Oski Stealer would be detailed within the full report.
## Detection Methods
Detection relies on identifying known signatures, execution paths, and network communication patterns associated with Oski Stealer variants.
- Signature-based detection: [Requires report specifics]
- Behavioral detection: [Monitoring for file access to credential stores or browser profiles]
- YARA rules: [Requires report specifics]
## Mitigation Strategies
General protections against stealer malware deployment:
- Prevention measures: Strict attachment filtering, comprehensive endpoint protection, use of application whitelisting.
- Hardening recommendations: Enforcing Multi-Factor Authentication (MFA) everywhere, keeping operating systems and applications patched, and encrypting sensitive file containers.
## Related Tools/Techniques
Infostealers sharing similar objectives: Vidar, RedLine, Agent Tesla.