General
Target: EPOKA V2.exe
Size: 349KB
Sample: 240422-ptkmpabd25
MD5: d046c7c32423489927bc7ecbc1864ef0
SHA1: 6425baebaaa91f3557e7ee19d278ee09a5643e42
SHA256: 66782c5ef8178fbc10751a66741548ce7ae9e6e35f1dcb3e7418f1fe04aee636
SHA512: 1483f647ab93ee3b82b7e57699ea2a1d14e56eafe7c6529c9860b4cb88d12f54162980a3b897b11d170c45c04814d9cf76e6d9ef8485e0922ddd7c3980d788fa
SSDEEP: 3072:zq6+ouCpk2mpcWJ0r+QNTBfjiRsOyXkrKzgrKzBhnQ0rrzUde6Id6x:zldk1cWQRNTBbB4x
Static task
static1
Malware Config
Targets
Target: EPOKA V2.exe
- Disables Task Manager via registry modification
- Drops file in Drivers directory
- Manipulates Digital Signatures
  Attackers can apply techniques such as modifying certain DLL exports to make their binary seem valid.
- Drops desktop.ini file(s)
- Drops autorun.inf file
  Malware can abuse Windows Autorun to spread further via attached volumes.
- Drops file in System32 directory
- Modifies termsrv.dll
  Commonly used to allow simultaneous RDP sessions.