General
-
Target
MatrixBaitSwitch.exe
-
Size
10KB
-
Sample
230509-rtqvtaac4w
-
MD5
e750df4025d4102df507c89efed5f094
-
SHA1
345eb709185ec61fb061726b0ebc0ebea5efd142
-
SHA256
047c1126be23db6653f545e6d7313e5dcbd715a799019f7fb31aef68de390f6a
-
SHA512
651fb4e3e0087673d8b28320ba6b126f31010b5df434d645c21f699de326f9b1b4df87aa963ff7e8adb2a83dd51e10788b67dd8965b290dfe1171da7fe321cc0
-
SSDEEP
192:QLCJP10fXBe9NdaLix5rupSiP/VunlYJLLLTumTWy5cqLx:QLe96ejdaLiH+3hPLTumSyTL
Static task
static1
Behavioral task
behavioral1
Sample
MatrixBaitSwitch.exe
Resource
win10v2004-20230220-en
Malware Config
Targets
-
Target
MatrixBaitSwitch.exe
-
Score
8/10
-
Downloads MZ/PE file
-
Checks computer location settings
Looks up the country code configured in the registry, likely for geofencing.
-
Executes dropped EXE
-
Adds Run key to start application
-
Writes to the Master Boot Record (MBR)
Bootkits write to the MBR to gain persistence at a level below the operating system.
-