Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1013395B3A658307B271B1DC4E1883316B993910DDF4B19C6B3FEC2A943D9EE1592631B |
|
CONTENT
ssdeep
|
1536:sKBPFcPayJfbZKeFP9BNavrc/WWP5qzf/alQC1g8YTPtJMdyh5Ru3MVGYzpv3hP+:sKwec/W45qzf0fG777wyXRucVPzpvxFY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8d5cbf72b7e22480 |
|
VISUAL
aHash
|
000000000000ffff |
|
VISUAL
dHash
|
6a32b0d0d0c0c160 |
|
VISUAL
wHash
|
801818187c78ffff |
|
VISUAL
colorHash
|
020000001c0 |
|
VISUAL
cropResistant
|
00c1c141d141e161,4e70b3f0d4d0d0e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.