Windows Analysis Report
http://prident-group.com

Overview

General Information

Sample URL: http://prident-group.com
Analysis ID: 1417197

Detection

HtmlDropper, HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Yara detected Html Dropper
Yara detected HtmlPhish10
HTML body contains low number of good links
HTML title does not match URL
Invalid 'sign-in options' or 'sign-up' link found
None HTTPS page querying sensitive user data (password, username or email)

Classification

AV Detection

Source: http://prident-group.com SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Source: Yara match File source: 1.1.pages.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP Parser: Number of links: 0
Source: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP Parser: Title: ecaee79400b7f02308c6c8258db94e3b6605ae7a1e2fb does not match URL
Source: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP Parser: Invalid link: get a new Microsoft account
Source: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP Parser: Has password / email / username input fields
Source: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP Parser: No favicon
Source: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP Parser: No <meta name="author".. found
Source: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49742 version: TLS 1.2
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown TCP traffic detected without corresponding DNS query: 72.21.81.240
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 17:53:00 GMTServer: ApacheLast-Modified: Thu, 28 Mar 2024 10:52:10 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 1435Keep-Alive: timeout=5, max=92Connection: Keep-AliveContent-Type: image/svg+xml
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 17:53:00 GMTServer: ApacheLast-Modified: Thu, 28 Mar 2024 10:52:10 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 621Keep-Alive: timeout=5, max=91Connection: Keep-AliveContent-Type: image/svg+xml
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Thu, 28 Mar 2024 17:53:00 GMTServer: ApacheLast-Modified: Thu, 28 Mar 2024 10:52:10 GMTAccept-Ranges: bytesVary: Accept-EncodingContent-Encoding: gzipContent-Length: 673Keep-Alive: timeout=5, max=90Connection: Keep-AliveContent-Type: image/svg+xml
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: prident-group.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31b HTTP/1.1Host: prident-group.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /jq/4b4518edcaa56220f42b1301dfa0ab7b6605ae7a4d51b HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /boot/4b4518edcaa56220f42b1301dfa0ab7b6605ae7a4d520 HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /js/4b4518edcaa56220f42b1301dfa0ab7b6605ae7a4d521 HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /APP-4b4518edcaa56220f42b1301dfa0ab7b6605ae7b9edf6/4b4518edcaa56220f42b1301dfa0ab7b6605ae7b9edf7 HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/css,*/*;q=0.1Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /o/4b4518edcaa56220f42b1301dfa0ab7b6605ae7b9ef8c HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /x/4b4518edcaa56220f42b1301dfa0ab7b6605ae7b9edfc HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://prident-group.com/77624fc8e83077b92433578af825365d6605ae7a1e31aLOG77624fc8e83077b92433578af825365d6605ae7a1e31bAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: global traffic HTTP traffic detected: GET /x/4b4518edcaa56220f42b1301dfa0ab7b6605ae7b9edfc HTTP/1.1Host: prident-group.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=d14d0943080aaa6c06fcee8684502716
Source: unknown DNS traffic detected: queries for: prident-group.com
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Thu, 28 Mar 2024 17:52:59 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=94Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: chromecache_47.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_47.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_47.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49760 -> 443
Source: classification engine Classification label: mal64.phis.troj.win@16/20@6/4
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 --field-trial-handle=2192,i,5162920525007157558,15552598535727031279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://prident-group.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected

Data Obfuscation

Source: Yara match File source: 1.1.pages.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML