t35.exe.bin

General

Target: t35.exe.bin.exe
Filesize: 266KB
Completed: 23-11-2020 19:32
Score: 7/10
MD5: 1db6bd4d13cb9966e8875b3812aef71d
SHA1: 974c46a807d2d680dad5b6d63c38dd0e06e1ed68
SHA256: 9bdbb8dde9ad9be8d9303df1697e13a0f846cca95bc9e41d513c1f5f2a7a37b3

Malware Config
Signatures (6)

Tactics: Collection, Credential Access, Discovery
  • Reads user/profile data of web browsers
    Description: Infostealers often target stored browser data, which can include saved credentials etc.
    TTPs: Data from Local System; Credentials in Files
  • Accesses cryptocurrency files/wallets, possible credential harvesting
    TTPs: Data from Local System; Credentials in Files
  • Checks installed software on the system
    Description: Looks up Uninstall key entries in the registry to enumerate software on the system.
    TTPs: Query Registry
  • Looks up external IP address via web service
    Description: Uses a legitimate IP lookup service to find the infected system's external IP.
    Reported IOCs
    flow  ioc
    9     api.ipify.org
  • Checks processor information in registry
    t35.exe.bin.exe
    Description: Processor information is often read in order to detect sandboxing environments.
    TTPs: Query Registry; System Information Discovery
    Reported IOCs
    description        ioc                                                                                  process
    Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                     t35.exe.bin.exe
    Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString  t35.exe.bin.exe
  • Suspicious behavior: EnumeratesProcesses
    t35.exe.bin.exe
    Reported IOCs
    pid   process
    2724  t35.exe.bin.exe
    2724  t35.exe.bin.exe
Processes (1)
  • C:\Users\Admin\AppData\Local\Temp\t35.exe.bin.exe
    "C:\Users\Admin\AppData\Local\Temp\t35.exe.bin.exe"
    Signatures: Checks processor information in registry; Suspicious behavior: EnumeratesProcesses
    PID: 2724
Network
MITRE ATT&CK Matrix
Tactic columns: Command and Control, Credential Access, Defense Evasion, Execution, Exfiltration, Impact, Initial Access, Lateral Movement, Persistence, Privilege Escalation