Extracted

• • Target

    7a6beb3d6b5da7f3c02504f7bac4699b

  • Size

    417KB

  • MD5

    7a6beb3d6b5da7f3c02504f7bac4699b

  • SHA1

    0a0b99ca58be23b6f7fb12bf00e648206a5ebb76

  • SHA256

    b34170c638c226b607143d245b15d215fb9ba7bcf05db48967b158841509e250

  • SHA512

    8940b62eca262aff977823fe566542f348d4d2a96c71966677b49ab2bd9a71e32d0e2eea3085df4f9473a9c80c58ff3c3e5aeea2cb57c5403c9cb7f16050a575

  • SSDEEP

    6144:QDXIE3wQQBHndOMlhWmm6zcd6HyflDZDk7K4Ps/dq9fbwwhkiKXmO4E5OLyGhK8W:QTYn1PBmD7Lo7KIslSfMvj94jLNS

  Score

  10^/10

  arkeievasionstealertrojan

  • Arkei

    Arkei is an infostealer written in C++.

    stealerarkei

  • Modifies Windows Defender Real-time Protection settings

    evasiontrojan

  • Turns off Windows Defender SpyNet reporting

    evasion

  • Windows security bypass

    evasiontrojan

  • Nirsoft

  • Checks computer location settings

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE

  • Loads dropped DLL

  • Windows security modification

    evasiontrojan

  • Suspicious use of SetThreadContext

  behavioral1behavioral2