General

  • Target

    EPOKA V2.exe

  • Size

    349KB

  • Sample

    240422-ptkmpabd25

  • MD5

    d046c7c32423489927bc7ecbc1864ef0

  • SHA1

    6425baebaaa91f3557e7ee19d278ee09a5643e42

  • SHA256

    66782c5ef8178fbc10751a66741548ce7ae9e6e35f1dcb3e7418f1fe04aee636

  • SHA512

    1483f647ab93ee3b82b7e57699ea2a1d14e56eafe7c6529c9860b4cb88d12f54162980a3b897b11d170c45c04814d9cf76e6d9ef8485e0922ddd7c3980d788fa

  • SSDEEP

    3072:zq6+ouCpk2mpcWJ0r+QNTBfjiRsOyXkrKzgrKzBhnQ0rrzUde6Id6x:zldk1cWQRNTBbB4x

Malware Config

Targets

    • Modifies Windows Defender Real-time Protection settings

    • Disables Task Manager via registry modification

    • Drops file in Drivers directory

    • Manipulates Digital Signatures

      Attackers can subvert signature validation, for example by redirecting the registry entries that name the DLL and export used to verify a Subject Interface Package (SIP) or trust provider, so that signature checks on their binary report it as valid.

    • Reads user/profile data of web browsers

      Infostealers often target stored browser profile data, which can include saved credentials, cookies, session tokens and autofill entries.

    • Drops desktop.ini file(s)

    • Drops autorun.inf file

      Malware can abuse Windows Autorun to spread further via attached volumes.

    • Drops file in System32 directory

    • Modifies termsrv.dll

      Patching termsrv.dll is commonly used to lift the single-session limit and allow simultaneous RDP sessions; a patched copy no longer passes Authenticode or catalog signature verification.
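The signatures above describe host-level artifacts that survive the sandbox run, so a responder checking a suspect machine for the same behaviour would look for them directly. The script below is an added example written for this page, not tooling from tria.ge or from the sample's analysis; it checks the standard Windows locations for each behaviour (the Defender real-time protection policy key, the DisableTaskMgr policy value, the termsrv.dll code signature, autorun.inf at drive roots, recently written driver files). The exact registry values and paths this particular sample touches are not listed in the report, so the script is an assumption about where these behaviours normally land, not a transcript of what the sample did.

```powershell
# Host triage for the behaviours flagged on this sample (added example).
# Paths and value names are the conventional Windows policy locations,
# not indicators taken from the tria.ge report.

function Get-RegistryValueSafe {
    param([string]$Path, [string]$Name)
    try {
        $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction Stop
        return $item.$Name
    } catch {
        return $null   # key or value absent: nothing set by policy
    }
}

function Invoke-SampleBehaviourTriage {
    $findings = New-Object System.Collections.Generic.List[string]

    # 1. "Modifies Windows Defender Real-time Protection settings":
    #    policy values that switch real-time components off.
    $rtpPath = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection'
    foreach ($name in 'DisableRealtimeMonitoring', 'DisableBehaviorMonitoring',
                      'DisableOnAccessProtection', 'DisableIOAVProtection') {
        if ((Get-RegistryValueSafe $rtpPath $name) -eq 1) {
            $findings.Add("Defender policy $name=1 under $rtpPath")
        }
    }
    # Effective state as Defender itself reports it (Defender module needed).
    if (Get-Command Get-MpPreference -ErrorAction SilentlyContinue) {
        if ((Get-MpPreference).DisableRealtimeMonitoring) {
            $findings.Add('Get-MpPreference reports DisableRealtimeMonitoring=True')
        }
    }

    # 2. "Disables Task Manager via registry modification": per-user or machine policy.
    foreach ($hive in 'HKCU:', 'HKLM:') {
        $polPath = "$hive\Software\Microsoft\Windows\CurrentVersion\Policies\System"
        if ((Get-RegistryValueSafe $polPath 'DisableTaskMgr') -eq 1) {
            $findings.Add("DisableTaskMgr=1 under $polPath")
        }
    }

    # 3. "Modifies termsrv.dll": a patched file fails signature verification.
    #    If Status is not Valid, confirm with: sfc /verifyfile=<path>
    $termsrv = Join-Path $env:SystemRoot 'System32\termsrv.dll'
    if (Test-Path -LiteralPath $termsrv) {
        $sig = Get-AuthenticodeSignature -FilePath $termsrv
        if ($sig.Status -ne 'Valid') {
            $findings.Add("termsrv.dll signature status: $($sig.Status)")
        }
    }

    # 4. "Drops autorun.inf file": look at the root of every filesystem drive.
    foreach ($drive in Get-PSDrive -PSProvider FileSystem) {
        $inf = Join-Path $drive.Root 'autorun.inf'
        if (Test-Path -LiteralPath $inf) {
            $findings.Add("autorun.inf present at $inf")
        }
    }

    # 5. "Drops file in Drivers directory": recently written files that are
    #    not validly signed. The 1-day window is an assumption; widen it to
    #    cover the suspected infection time.
    $drivers = Join-Path $env:SystemRoot 'System32\drivers'
    $cutoff  = (Get-Date).AddDays(-1)
    Get-ChildItem -Path $drivers -File -ErrorAction SilentlyContinue |
        Where-Object { $_.LastWriteTime -gt $cutoff } |
        ForEach-Object {
            $s = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($s.Status -ne 'Valid') {
                $findings.Add("Recently written driver file with $($s.Status) signature: $($_.FullName)")
            }
        }

    return $findings
}

$results = Invoke-SampleBehaviourTriage
if ($results.Count -eq 0) { 'No indicators found.' } else { $results }
```

Two of the listed behaviours are deliberately not checked: desktop.ini drops are routine on any Windows volume and would only produce noise, and reading browser profile data leaves no durable registry or file artifact to look for. An empty result does not clear a host; it only means none of these conventional locations carry the expected values, and an attacker can reach the same effect through other keys or by tampering with the signature checks themselves, which is exactly what the "Manipulates Digital Signatures" entry above describes.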

MITRE ATT&CK Enterprise v15

Tasks