Extracted

• • Target

    ortrainingie64/ortrainingie64.exe

  • Size

    11.3MB

  • MD5

    05270be6cdef9df3f9d5c9919599ac30

  • SHA1

    e8deef7d2d5d62a9e3e17f45508d465cabf607ef

  • SHA256

    f9c0b902d916f689dcf93a3557640741826483e3c2c3139a02605a5ec0546b29

  • SHA512

    841524eecb3397f44f13e4758c07ea87c82744278cd94c3f3e1458926305f3d298385a38d08855124429fbddd4855d9d1fdda492837d93e474930c6c8760a6f8

  • SSDEEP

    196608:WXk6cYbWJrBfhAEwjDLLKU2NCETLKrJSnMzDOhFQDdLLwXg5+gqyQj1d:W0IMrijX+LqAsaFQBA++gq/j1

  Score

  10^/10

  stealcdiscoverypersistencespywarestealer

  • Detects Stealc stealer

    stealer

  • Stealc

    Stealc is an infostealer written in C++.

    stealerstealc

  • Downloads MZ/PE file

  • Executes dropped EXE

  • Loads dropped DLL

  • Reads user/profile data of web browsers

    Infostealers often target stored browser data, which can include saved credentials etc.

    spywarestealer

  • Accesses cryptocurrency files/wallets, possible credential harvesting

    spyware

  • Adds Run key to start application

    persistence

  • Checks installed software on the system

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery

  • Suspicious use of SetThreadContext

  behavioral1behavioral2