Loading ...

Play interactive tourEdit tour

Analysis Report https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/?bbre=ozx9sozoizx

Overview

General Information

Sample URL:https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/?bbre=ozx9sozoizx
Analysis ID:383587
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on shot template match)
Yara detected HtmlPhish35
Yara detected HtmlPhish7
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL

Classification

Startup

  • System is w10x64
  • iexplore.exe (PID: 5420 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4440 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5420 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

SourceRuleDescriptionAuthorStrings
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\QXTFJG8V.htmJoeSecurity_HtmlPhish_35Yara detected HtmlPhish_35Joe Security

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    Click to jump to signature section

    Show All Signature Results

    AV Detection:

    barindex
    Antivirus / Scanner detection for submitted sampleShow sources
    Source: https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/?bbre=ozx9sozoizxSlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

    Phishing:

    barindex