Windows Analysis Report https://473282.myshoptet.com/surelet01/

Overview

General Information

Sample URL:https://473282.myshoptet.com/surelet01/
Analysis ID:502494
Detection

HTMLPhisher
Score:76
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Found iframes
No HTML title found
Form action URLs do not match main URL

Process Tree

  • System is w10x64
  • chrome.exe (PID: 6312 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --start-maximized --enable-automation 'https://473282.myshoptet.com/surelet01/' MD5: C139654B5C1438A95B321BB01AD63EF6)
    • chrome.exe (PID: 6528 cmdline: 'C:\Program Files\Google\Chrome\Application\chrome.exe' --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1524,6113479614288932569,12517739123380968407,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1932 /prefetch:8 MD5: C139654B5C1438A95B321BB01AD63EF6)
  • cleanup

Malware Configuration

No configs have been found

Yara Overview

No yara matches

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

AV Detection:

Antivirus / Scanner detection for submitted sample
Source: https://473282.myshoptet.com/surelet01/ | SlashNext: detection malicious, Label: Fake Login Page, type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://twotowersprotest.org/post/PDF/ | SlashNext: Label: Fake Login Page, type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on favicon image match)
Source: https://twotowersprotest.org/post/PDF/ | Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match | File source: 50331.8.pages.csv, type: HTML
Phishing site detected (based on image similarity)
Source: https://twotowersprotest.org/post/PDF/ | Matcher: Found strong image similarity, brand: Microsoft, image: 50331.8.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
HTML body contains low number of good links
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: Number of links: 0
Found iframes
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: https://www.googletagmanager.com/ns.html?id=GTM-W8H93G
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: https://platform.twitter.com/widgets/widget_iframe.58065ae230495f5d9e4b6a916472b2c1.html?origin=https%3A%2F%2Fwww.shoptet.sk
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: //11189376.fls.doubleclick.net/activityi;src=11189376;type=invmedia;cat=rmkt_0;ord=7309702678925;gtm=2wgab0;auiddc=1347560484.1634163607;~oref=https%3A%2F%2Fwww.shoptet.sk%2F%3Futm_source%3Dfooter%26utm_medium%3Dlink%26utm_campaign%3Dcreate_by_shoptet?
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Iframe src: https://vars.hotjar.com/box-acff0d328b74363875a0a6075e6c8439.html
No HTML title found
Source: https://473282.myshoptet.com/login/?backTo=%2Fsurelet01%2F | HTTP Parser: HTML title missing
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: HTML title missing
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: HTML title missing
Source: https://473282.myshoptet.com/login/?backTo=%2F | HTTP Parser: HTML title missing
Source: https://twitter.com/intent/tweet?url= | HTTP Parser: HTML title missing
Form action URLs do not match main URL
Source: https://www.shoptet.sk/?utm_source=footer&utm_medium=link&utm_campaign=create_by_shoptet | HTTP Parser: Form action: https://www.facebook.com/tr/ shoptet facebook
Source: https://473282.myshoptet.com/login/?backTo=%2Fsurelet01%2F | HTTP Parser: No <meta name="author".. found
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: No <meta name="author".. found
Source: https://473282.myshoptet.com/login/?backTo=%2F | HTTP Parser: No <meta name="author".. found
Source: https://twitter.com/intent/tweet?url= | HTTP Parser: No <meta name="author".. found
Source: https://473282.myshoptet.com/login/?backTo=%2Fsurelet01%2F | HTTP Parser: No <meta name="copyright".. found
Source: https://twotowersprotest.org/post/PDF/ | HTTP Parser: No <meta name="copyright".. found
Source: https://473282.myshoptet.com/login/?backTo=%2F | HTTP Parser: No <meta name="copyright".. found
Source: https://twitter.com/intent/tweet?url= | HTTP Parser: No <meta name="copyright".. found
Source: unknown | HTTPS traffic detected: 185.64.219.42:443 -> 192.168.2.4:49816 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.64.219.42:443 -> 192.168.2.4:49818 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.64.219.42:443 -> 192.168.2.4:49817 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 192.229.221.185:443 -> 192.168.2.4:49958 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.64.219.37:443 -> 192.168.2.4:50067 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: 473282.myshoptet.com