Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17122B161818D9FEB9342A1D193167D2632D3C31A93220804BFE5369F25FDC8A9DBF16D |
|
CONTENT
ssdeep
|
192:bioIr/AGQQPo81e3C+m8NVEMcvkvdYuD3BikvC6s2LuavU1q95KL:6fR1kRmcNC6s2LulBL |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99993339cc666666 |
|
VISUAL
aHash
|
1818101818000024 |
|
VISUAL
dHash
|
321a34b2b214086c |
|
VISUAL
wHash
|
1c1c38383c3ca1ff |
|
VISUAL
colorHash
|
38200038000 |
|
VISUAL
cropResistant
|
58d8fcdef0e0c3e0,8000010000000080,8000000000000000,321a34b2b214086c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.