{
	"id": "f2e8488c-3bb5-4f00-b45f-7f828fbc96cc",
	"created_at": "2026-04-06T00:11:01.468146Z",
	"updated_at": "2026-04-10T13:13:05.542006Z",
	"deleted_at": null,
	"sha1_hash": "6c46c43ca958ff2693052d8c8bb38a8fe55f9d51",
	"title": "OskiStealerEN.pdf",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 32928,
	"plain_text": "OskiStealerEN.pdf\r\nArchived: 2026-04-05 19:59:38 UTC\r\nIntroduction\r\nFirst thought to have surfaced in November 2019, the \"Oski Stealer\" malware\r\nsteals sensitive information, credentials and cryptocurrency wallet data from\r\nmore than 60 apps. The name Oski is derived from\r\nan old Norse word meaning \"Viking Warrior\". The malware targets the following\r\ndata:\r\nLogin information in apps\r\nBrowser information (cookies, autofill, credit card information)\r\nScreenshots\r\nSystem information\r\nCryptocurrency wallets (Bitcoin, Ethereum, Litecoin etc.)\r\nOski, which is sold on Russian underground platforms and has\r\nan easy interface, is priced between $70 and $100. It is a\r\nfamily of malware that is highly preferred by hackers because it is affordable and\r\nsteals a lot of data. Customers on underground forums contact the Oski Stealer\r\ndevelopers, buy the malware, develop it, and distribute it to their targets. The\r\nmalware family, which has a great reputation on the underground forums, receives\r\na lot of positive feedback from its customers, which can be cited as an indication\r\nof how stable the Oski malware is.\r\nAlthough Oski is mostly seen in North America, it has recently started to be seen\r\nin China as well. As with many malware families, Oski aims to spread using\r\nthe phishing technique.\r\nFirst Look\r\nOski malware downloads 7 DLLs from the C\u0026C server and uses these DLLs to\r\nsteal the data it targets. It was observed that the anti-debug method used by Oski\r\nStealer malware was incomplete in preventing dynamic analysis. It only checks\r\nthe system name as an anti-debugging technique.\r\nThe malware saves the information it collects under the C:\\ProgramData folder in a file\r\nnamed with random characters, then compresses this file into a zip file, creates an HTTP POST request\r\nand sends the zip file to the C\u0026C server in an encrypted way.\r\nSource: https://drive.google.com/file/d/1c72YIF6JYcEvbFZCrkZO26D9hC3gnyMP/view",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://drive.google.com/file/d/1c72YIF6JYcEvbFZCrkZO26D9hC3gnyMP/view"
	],
	"report_names": [
		"view"
	],
	"threat_actors": [],
	"ts_created_at": 1775434261,
	"ts_updated_at": 1775826785,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/6c46c43ca958ff2693052d8c8bb38a8fe55f9d51.pdf",
		"text": "https://archive.orkl.eu/6c46c43ca958ff2693052d8c8bb38a8fe55f9d51.txt",
		"img": "https://archive.orkl.eu/6c46c43ca958ff2693052d8c8bb38a8fe55f9d51.jpg"
	}
}