Analysis Report https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/?bbre=ozx9sozoizx

Overview

General Information

Sample URL: https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/?bbre=ozx9sozoizx
Analysis ID: 383587
Detection

HTMLPhisher
Score: 76
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on shot template match)
Yara detected HtmlPhish35
Yara detected HtmlPhish7
Phishing site detected (based on logo template match)
HTML body contains low number of good links
HTML title does not match URL

Startup

  • System is w10x64
  • iexplore.exe (PID: 5420 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
    • iexplore.exe (PID: 4440 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5420 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

Dropped Files

Source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\QXTFJG8V.htm
Rule: JoeSecurity_HtmlPhish_35
Description: Yara detected HtmlPhish_35
Author: Joe Security
Strings:

    Sigma Overview

    No Sigma rule has matched

    Signature Overview

    AV Detection:

    Antivirus / Scanner detection for submitted sample
    Source: https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/?bbre=ozx9sozoizx
    SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering

    Phishing:

    Phishing site detected (based on shot template match)
    Source: https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/IMbIKmY6wJR6PKqGfAl4r68s4lvvdAxwICxvCSb-!&rAPxuRftLHjmUJQ53bNep8c910SX@&!nesAZoRK7avLqNt4kC1BI6fprWTG9!&@-wH3tLEh1pB4QIRpJAP0G0wJoQ0CZCyfbeF4IJ9a9pxYWfXsbeK9st00bcyBn52qom5K9Wc7VHiiU2vLuXDr0L7eC5kVipLU-E2Z0uWk5RhioTcvVa20EhMfBBwfZrJGgkJuDZa1wNXFIewx194cA5RUZLsAVEpc4V0c3TfErzm/UDwEAUMBX1nKLaeNB6cr8phbspTfaFnoYfqoQ3WiiSggkuKFq24Kw8NSxc9pBMnYnk
    Matcher: Template: generic matched
    Yara detected HtmlPhish35
    Source: Yara match
    File source: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\B87Z87FM\QXTFJG8V.htm, type: DROPPED
    Yara detected HtmlPhish7
    Source: Yara match
    File source: 899552.pages.csv, type: HTML
    Phishing site detected (based on logo template match)
    Source: https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/IMbIKmY6wJR6PKqGfAl4r68s4lvvdAxwICxvCSb-!&rAPxuRftLHjmUJQ53bNep8c910SX@&!nesAZoRK7avLqNt4kC1BI6fprWTG9!&@-wH3tLEh1pB4QIRpJAP0G0wJoQ0CZCyfbeF4IJ9a9pxYWfXsbeK9st00bcyBn52qom5K9Wc7VHiiU2vLuXDr0L7eC5kVipLU-E2Z0uWk5RhioTcvVa20EhMfBBwfZrJGgkJuDZa1wNXFIewx194cA5RUZLsAVEpc4V0c3TfErzm/UDwEAUMBX1nKLaeNB6cr8phbspTfaFnoYfqoQ3WiiSggkuKFq24Kw8NSxc9pBMnYnk
    Matcher: Template: dropbox matched
    Source: https://oatiscozxmocxixc-forgiving-hartebeest-rp.eu-gb.cf.appdomain.cloud/IMbIKmY6wJR6PKqGfAl4r68s4lvvdAxwICxvCSb-!&rAPxuRftLHjmUJQ53bNep8c910SX@&!nesAZoRK7avLqNt4kC1BI6fprWTG9!&@-wH3tLEh1pB4QIRpJAP0G0wJoQ0CZCyfbeF4IJ9a9pxYWfXsbeK9st00bcyBn52qom5K9Wc7VHiiU2vLuXDr0L7eC5kVipLU-E2Z0uWk5RhioTcvVa20EhMfBBwfZrJGgkJuDZa1wNXFIewx194cA5RUZLsAVEpc4V0c3TfErzm/UDwEAUMBX1nKLaeNB6cr8phbspTfaFnoYfqoQ3WiiSggkuKFq24Kw8NSxc9pBMnYnk
    HTTP Parser: Number of links: 0