Automated Malware Analysis IOC Report for

Files

File Path

Type

URLs

Name

Malicious

https://t.email.currys.co.uk/r/?id=h7aa4a341,8b3374d,743904&p1=concretocasa.com.br%2Fhtml%2Fssl%2Ffyvqcw/anBlcmtpbnNAaGFycmlzd2lsbGlhbXMuY29t

Details

Filetype:	URL
Filename:	https://t.email.currys.co.uk/r/?id=h7aa4a341,8b3374d,743904&p1=concretocasa.com.br%2Fhtml%2Fssl%2Ffyvqcw/anBlcmtpbnNAaGFycmlzd2lsbGlhbXMuY29t

Signature Hits	Behavior Group	Mitre Attack
Yara detected HtmlPhish10	Phishing
Phishing site detected (based on shot match)	Phishing
Phishing site detected (based on image similarity)	Phishing
HTML page contains hidden URLs or javascript code	Phishing
Yara signature match	System Summary
Invalid 'forgot password' link found	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
HTML body contains password input	Phishing
Performs DNS lookups	Networking	Non-Application Layer Protocol
Classification label	System Summary
Uses HTTPS	Networking	Encrypted Channel Application Layer Protocol
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Spawns processes	System Summary	Process Injection
Connects to IPs without corresponding DNS lookups	Networking
META author tag missing	Phishing
Creates files inside the program directory	System Summary
HTML page is missing a favicon	Phishing
META copyright tag missing	Phishing
Creates a directory in C:\Program Files	Compliance, System Summary	Masquerading
Uses secure TLS version for HTTPS connections	Compliance, Networking
Found graphical window changes (likely an installer)	System Summary

https://mego6knkfy6446e58a59d14.ptalen.ru/e3b52af7f42b89943d3cf517518321e0647f4edf9d1ccPASe3b52af7f42b89943d3cf517518321e0647f4edf9d1ce

Details

Name:	https://mego6knkfy6446e58a59d14.ptalen.ru/e3b52af7f42b89943d3cf517518321e0647f4edf9d1ccPASe3b52af7f42b89943d3cf517518321e0647f4edf9d1ce
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Phishing site detected (based on image similarity)	Phishing
HTML body contains low number of good links	Phishing
HTML title does not match URL	Phishing
Invalid 'forgot password' link found	Phishing
HTML body contains password input	Phishing
HTML page is missing a favicon	Phishing
META author tag missing	Phishing
META copyright tag missing	Phishing

https://mego6knkfy6446e58a59d14.ptalen.ru/Mjperkins@harriswilliams.com

Details

Name:	https://mego6knkfy6446e58a59d14.ptalen.ru/Mjperkins@harriswilliams.com
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser

Signature Hits	Behavior Group	Mitre Attack
Phishing site detected (based on shot match)	Phishing
HTML page contains hidden URLs or javascript code	Phishing
HTML page is missing a favicon	Phishing

https://concretocasa.com.br/html/ssl/fyvqcw/anBlcmtpbnNAaGFycmlzd2lsbGlhbXMuY29t

https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/dp0qq/0x4AAAAAAADnPIDROrmt1Wwj/light/normal

Details

Name:	https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/dp0qq/0x4AAAAAAADnPIDROrmt1Wwj/light/normal
TargetID:	0
From Memory:	false
Current Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Source:	browser
Reputation:	high

Signature Hits	Behavior Group	Mitre Attack
Phishing site detected (based on shot match)	Phishing
HTML page is missing a favicon	Phishing

Domains

Name

Malicious

mego6knkfy6446e58a59d14.ptalen.ru

172.67.173.146

a.nel.cloudflare.com

35.190.80.1

accounts.google.com

142.250.186.77

challenges.cloudflare.com

104.18.7.185

concretocasa.com.br

185.201.10.27

www.google.com

142.250.185.164

clients.l.google.com

142.250.185.174

dixonsretail-mkt-prod1-ssl1-2796-396715988.eu-west-1.elb.amazonaws.com

52.31.211.174

unpkg.com

104.16.126.175

cs1025.wpc.upsiloncdn.net

152.199.23.72

aadcdn.msauthimages.net

unknown

clients2.google.com

unknown

t.email.currys.co.uk

unknown

There are 3 hidden domains, click here to show them.

IPs

Domain

Country

Malicious

142.250.186.35

unknown

United States

192.168.2.2

unknown

104.18.7.185

challenges.cloudflare.com

United States

1.1.1.1

unknown

Australia

34.104.35.123

unknown

United States

192.168.2.1

unknown

152.199.23.72

cs1025.wpc.upsiloncdn.net

United States

172.217.18.4

unknown

United States

52.31.211.174

dixonsretail-mkt-prod1-ssl1-2796-396715988.eu-west-1.elb.amazonaws.com

United States

142.250.181.234

unknown

United States

185.201.10.27

concretocasa.com.br

Germany

239.255.255.250

unknown

Reserved

142.250.185.174

clients.l.google.com

United States

142.250.185.164

www.google.com

United States

35.190.80.1

a.nel.cloudflare.com

United States

142.250.184.227

unknown

United States

172.67.173.146

mego6knkfy6446e58a59d14.ptalen.ru

United States

142.250.186.77

accounts.google.com

United States

104.16.126.175

unpkg.com

United States

There are 9 hidden IPs, click here to show them.

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Report
https://t.email.currys.co.uk/r/?id=h7aa4a341,8b3374d,743904&p1=concretocasa.com.br%2Fhtml%2Fssl%2Ffyvqcw/anBlcmtpbnNAaGFycmlzd2lsbGlhbXMuY29t

Files

URLs

Domains

IPs

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

IOC Reporthttps://t.email.currys.co.uk/r/?id=h7aa4a341,8b3374d,743904&p1=concretocasa.com.br%2Fhtml%2Fssl%2Ffyvqcw/anBlcmtpbnNAaGFycmlzd2lsbGlhbXMuY29t

Files

URLs

Domains

IPs

IOC Report
https://t.email.currys.co.uk/r/?id=h7aa4a341,8b3374d,743904&p1=concretocasa.com.br%2Fhtml%2Fssl%2Ffyvqcw/anBlcmtpbnNAaGFycmlzd2lsbGlhbXMuY29t