Analysis Report https://www.attemplate.com/can/login?id=RXpZVHpzQVhsYWw5OGFLSldqaFdmTCs0L2FVUGJTY2s4OXNuY2luVUpWeUlOWjkvMXBFZDNVSUZqdzJ6Yzd0MkdTZFBjU1o0SHByZGtGNmx3WkZWeHc1UEpCTjJ5R1ZXRk04a0pzZ3ZkK3JHU3ZWOWx6eHB4OWx3NnA2dU1SOVdYNmNsVXpMT1NLMis2ZnoxZjVHZUltL1J2Uk9Ja0dIT21HVkFOY1NlRDFtREhLekhHSG12RTJqNDZzcEFmc2ZqMHVOcktmSjZ0b0c0MDB2VFV3Qk9kSVFoOVRKNWUwQjIyaEQzWk9HTVRoZzBZWTBaclZEZGdJSEl5djQzTUFaNE1QYVJyMGdMakxYUWt4eEE1UnBoQWVpN3BaMUZxbTlOWFErVU9CNWxEcm5sYkl4WVQrSFJreS9qZFk5RDVZNEVFckNtWXJ1dk1UVXNBY01yS0lCRkdBPT0
Overview
General Information
Sample URL: | https://www.attemplate.com/can/login?id=RXpZVHpzQVhsYWw5OGFLSldqaFdmTCs0L2FVUGJTY2s4OXNuY2luVUpWeUlOWjkvMXBFZDNVSUZqdzJ6Yzd0MkdTZFBjU1o0SHByZGtGNmx3WkZWeHc1UEpCTjJ5R1ZXRk04a0pzZ3ZkK3JHU3ZWOWx6eHB4OWx3NnA2dU1SOVdYNmNsVXpMT1NLMis2ZnoxZjVHZUltL1J2Uk9Ja0dIT21HVkFOY1NlRDFtREhLekhHSG12RTJqNDZzcEFmc2ZqMHVOcktmSjZ0b0c0MDB2VFV3Qk9kSVFoOVRKNWUwQjIyaEQzWk9HTVRoZzBZWTBaclZEZGdJSEl5djQzTUFaNE1QYVJyMGdMakxYUWt4eEE1UnBoQWVpN3BaMUZxbTlOWFErVU9CNWxEcm5sYkl4WVQrSFJreS9qZFk5RDVZNEVFckNtWXJ1dk1UVXNBY01yS0lCRkdBPT0 |
Analysis ID: | 353063 |
Detection
HTMLPhisher
Score: | 80 |
Range: | 0 - 100 |
Whitelisted: | false |
Confidence: | 100% |
Signatures
Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish_10
Yara detected HtmlPhish_14
Phishing site detected (based on image similarity)
Phishing site detected (based on logo template match)
Found iframes
HTML body contains low number of good links
HTML title does not match URL
Submit button contains javascript call
Classification
Malware Configuration |
---|
No configs have been found |
---|
Source | Rule | Description | Author | Strings |
---|---|---|---|---|
JoeSecurity_HtmlPhish_10 | Yara detected HtmlPhish_10 | Joe Security | ||
JoeSecurity_HtmlPhish_14 | Yara detected HtmlPhish_14 | Joe Security |
Sigma Overview |
---|
No Sigma rule has matched |
---|
Signature Overview |
---|
- AV Detection
- Phishing
- Compliance
- Networking
- System Summary
AV Detection: |
---|
Antivirus / Scanner detection for submitted sample |
Source: | UrlScan: | Perma Link |
Phishing: |
---|
Phishing site detected (based on favicon image match) |
Source: | Matcher: |
Yara detected HtmlPhish_10 |
Source: | File source: |
Yara detected HtmlPhish_14 |
Source: | File source: |
Phishing site detected (based on image similarity) |
Source: | Matcher: |
Source: | Matcher: |
Phishing site detected (based on logo template match) |
Source: | Matcher: |
Source: | HTTP Parser: |
Compliance: |
---|
Uses new MSVCR Dlls |
Source: | File opened: |
Uses secure TLS version for HTTPS connections |
Source: | HTTPS traffic detected: |
Source: | String found in binary or memory: |