Play interactive tourEdit tour
Analysis Report xerox for hycite.htm
Overview
General Information
Detection
HTMLPhisher
Score: | 76 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_10
Yara detected obfuscated html page
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)
HTML body contains low number of good links
HTML title does not match URL
IP address seen in connection with other malware
Invalid 'forgot password' link found
JA3 SSL client fingerprint seen in connection with other malware
Classification
Startup |
---|
|
Malware Configuration |
---|
No configs have been found |
---|
Yara Overview |
---|
Initial Sample |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_Obshtml | Yara detected obfuscated html page | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
Click to jump to signature section
Show All Signature Results
Phishing: |
---|
Phishing site detected (based on favicon image match) | Show sources |
Source: | Matcher: |
Yara detected HtmlPhish_10 | Show sources |
Source: | File source: |
Yara detected obfuscated html page | Show sources |
Source: | File source: |
Phishing site detected (based on image similarity) | Show sources |
Source: | Matcher: |
Phishing site detected (based on logo template match) | Show sources |
Source: | Matcher: |
Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code) | Show sources |
Source: | HTTP Parser: |