
Analysis Report https://www.dropbox.com/l/AAAm10tD0uv-gx1gp4jb3hg6ESrwsmIvm8g

Overview

General Information

Sample URL: https://www.dropbox.com/l/AAAm10tD0uv-gx1gp4jb3hg6ESrwsmIvm8g
Analysis ID: 299002

Detection

HTMLPhisher
Score: 72 (range 0 - 100)
Whitelisted: false
Confidence: 100%

Signatures

Antivirus detection for URL or domain
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_20
Machine Learning detection for dropped file
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL
Submit button contains javascript call
Yara signature match

Malware Configuration

No configs have been found
Source / Rule / Description / Author / Strings

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\login[1].htm
Rule: SUSP_Base64_Encoded_Hex_Encoded_Code
Description: Detects hex encoded code that has been base64 encoded
Author: Florian Roth
Strings:
  0x316e: $x1: 78 34 4E 7A 42 63 65 44 63 31 58 48 67
  0x3182: $x1: 78 34 4E 6A 6C 63 65 44 5A 6C 58 48 67
  0x3192: $x1: 78 34 4E 6A 56 63 65 44 63 79 58 48 67
  0x31a2: $x1: 78 34 4E 54 52 63 65 44 52 6B 58 48 67
  0x31b6: $x1: 78 34 4E 6A 4E 63 65 44 63 79 58 48 67
  0x31c6: $x1: 78 34 4E 6A 46 63 65 44 63 30 58 48 67
  0x31d6: $x1: 78 34 4E 44 56 63 65 44 5A 6A 58 48 67
  0x31e6: $x1: 78 34 4E 6D 52 63 65 44 59 31 58 48 67
  0x3232: $x1: 78 34 4E 7A 56 63 65 44 63 30 58 48 67
  0x3242: $x1: 78 34 4E 7A 56 63 65 44 63 30 58 48 67
  0x3252: $x1: 78 34 4E 6D 56 63 65 44 59 30 58 48 67
  0x3276: $x1: 78 34 4E 7A 52 63 65 44 55 77 58 48 67
  0x3286: $x1: 78 34 4E 7A 4A 63 65 44 59 31 58 48 67
  0x32be: $x1: 78 34 4E 6D 56 63 65 44 59 30 58 48 67
  0x330a: $x1: 78 34 4E 6D 5A 63 65 44 59 30 58 48 67
  0x332e: $x1: 78 34 4E 6D 56 63 65 44 59 7A 58 48 67
  0x333e: $x1: 78 34 4E 6A 6C 63 65 44 5A 6D 58 48 67
  0x335e: $x1: 78 34 4E 32 4A 63 65 44 42 68 58 48 67
  0x339e: $x1: 78 34 4E 6D 56 63 65 44 59 30 58 48 67
  0x33ae: $x1: 78 34 4E 7A 64 63 65 44 4A 6C 58 48 67
  0x33be: $x1: 78 34 4E 6D 5A 63 65 44 59 7A 58 48 67

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\WJ8I2OL4\index[1].htm
Rule: SUSP_Base64_Encoded_Hex_Encoded_Code
Description: Detects hex encoded code that has been base64 encoded
Author: Florian Roth
Strings:
  0x672: $x1: 78 34 4E 7A 5A 63 65 44 59 78 58 48 67
  0x682: $x1: 78 34 4E 6A 6C 63 65 44 59 30 58 48 67
  0x692: $x1: 78 34 4E 6A 5A 63 65 44 59 7A 58 48 67
  0x6a2: $x1: 78 34 4E 6A 56 63 65 44 59 7A 58 48 67
  0x6c2: $x1: 78 34 4E 6A 46 63 65 44 59 33 58 48 67
  0x6d6: $x1: 78 34 4E 6A 6C 63 65 44 5A 6C 58 48 67
  0x6e6: $x1: 78 34 4E 6A 46 63 65 44 5A 6A 58 48 67
  0x6f6: $x1: 78 34 4E 6A 52 63 65 44 49 77 58 48 67
  0x706: $x1: 78 34 4E 6D 56 63 65 44 59 7A 58 48 67
  0x716: $x1: 78 34 4E 6D 52 63 65 44 63 77 58 48 67
  0x726: $x1: 78 34 4E 6A 56 63 65 44 63 7A 58 48 67
  0x736: $x1: 78 34 4E 6A 56 63 65 44 59 30 58 48 67
  0x746: $x1: 78 34 4E 6A 4A 63 65 44 5A 6A 58 48 67
  0x756: $x1: 78 34 4E 6A 4E 63 65 44 5A 69 58 48 67
  0x766: $x1: 78 34 4E 6A 68 63 65 44 59 31 58 48 67
  0x776: $x1: 78 34 4E 6A 52 63 65 44 59 31 58 48 67
  0x7aa: $x1: 78 34 4E 6D 4E 63 65 44 59 35 58 48 67
  0x7ca: $x1: 78 34 4E 6A 5A 63 65 44 5A 6A 58 48 67
  0x7da: $x1: 78 34 4E 7A 52 63 65 44 59 31 58 48 67
  0x7ea: $x1: 78 34 4E 7A 42 63 65 44 63 79 58 48 67
  0x7fa: $x1: 78 34 4E 7A 52 63 65 44 5A 6D 58 48 67

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\MEEXW4H4\login[1].htm
Rule: SUSP_Base64_Encoded_Hex_Encoded_Code
Description: Detects hex encoded code that has been base64 encoded
Author: Florian Roth
Strings:
  0x316e: $x1: 78 34 4E 7A 42 63 65 44 63 31 58 48 67
  0x3182: $x1: 78 34 4E 6A 6C 63 65 44 5A 6C 58 48 67
  0x3192: $x1: 78 34 4E 6A 56 63 65 44 63 79 58 48 67
  0x31a2: $x1: 78 34 4E 54 52 63 65 44 52 6B 58 48 67
  0x31b6: $x1: 78 34 4E 6A 4E 63 65 44 63 79 58 48 67
  0x31c6: $x1: 78 34 4E 6A 46 63 65 44 63 30 58 48 67
  0x31d6: $x1: 78 34 4E 44 56 63 65 44 5A 6A 58 48 67
  0x31e6: $x1: 78 34 4E 6D 52 63 65 44 59 31 58 48 67
  0x3232: $x1: 78 34 4E 7A 56 63 65 44 63 30 58 48 67
  0x3242: $x1: 78 34 4E 7A 56 63 65 44 63 30 58 48 67
  0x3252: $x1: 78 34 4E 6D 56 63 65 44 59 30 58 48 67
  0x3276: $x1: 78 34 4E 7A 52 63 65 44 55 77 58 48 67
  0x3286: $x1: 78 34 4E 7A 4A 63 65 44 59 31 58 48 67
  0x32be: $x1: 78 34 4E 6D 56 63 65 44 59 30 58 48 67
  0x330a: $x1: 78 34 4E 6D 5A 63 65 44 59 30 58 48 67
  0x332e: $x1: 78 34 4E 6D 56 63 65 44 59 7A 58 48 67
  0x333e: $x1: 78 34 4E 6A 6C 63 65 44 5A 6D 58 48 67
  0x335e: $x1: 78 34 4E 32 4A 63 65 44 42 68 58 48 67
  0x339e: $x1: 78 34 4E 6D 56 63 65 44 59 30 58 48 67
  0x33ae: $x1: 78 34 4E 7A 64 63 65 44 4A 6C 58 48 67
  0x33be: $x1: 78 34 4E 6D 5A 63 65 44 59 7A 58 48 67

Sigma Overview

No Sigma rule has matched

Signature Overview

AV Detection:

Antivirus detection for URL or domain
Machine Learning detection for dropped file
  Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Business Proposals from Centralkal Drilling Pty Ltd.pdf.37e9j4y.partial
  Joe Sandbox ML: detected

Phishing:

Phishing site detected (based on favicon image match)