General

  • Target

    MatrixBaitSwitch.exe

  • Size

    10KB

  • Sample

    230509-rtqvtaac4w

  • MD5

    e750df4025d4102df507c89efed5f094

  • SHA1

    345eb709185ec61fb061726b0ebc0ebea5efd142

  • SHA256

    047c1126be23db6653f545e6d7313e5dcbd715a799019f7fb31aef68de390f6a

  • SHA512

    651fb4e3e0087673d8b28320ba6b126f31010b5df434d645c21f699de326f9b1b4df87aa963ff7e8adb2a83dd51e10788b67dd8965b290dfe1171da7fe321cc0

  • SSDEEP

    192:QLCJP10fXBe9NdaLix5rupSiP/VunlYJLLLTumTWy5cqLx:QLe96ejdaLiH+3hPLTumSyTL

Score
8/10

Targets

    • Target

      MatrixBaitSwitch.exe

    • Downloads MZ/PE file

    • Checks computer location settings

      Looks up country code configured in the registry, likely geofence.

    • Executes dropped EXE

    • Adds Run key to start application

    • Writes to the Master Boot Record (MBR)

      Bootkits write to the MBR to gain persistence at a level below the operating system.
