Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14C22DE227084752307D663ED6925939DA7E3855ACF370B06A2E08F0F5FD6E42CE1265F |
|
CONTENT
ssdeep
|
96:Tk5LiZsDjDi9zmqWPmMnQY6vpYj53ED/Yy4BN504DHGB60AYIyU+SAYIwAYIQ:AUMi9HfMQIt0Dt6yJU+wpj |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e6b3199c6649b338 |
|
VISUAL
aHash
|
ffffe7e7e7e70000 |
|
VISUAL
dHash
|
cc0c4c4d0c4c3030 |
|
VISUAL
wHash
|
00ffe7e7e7e70000 |
|
VISUAL
colorHash
|
17001000280 |
|
VISUAL
cropResistant
|
4c4c144d4d4d4d4c,000004c4cc949040,743c86c6a2816953,3000b2b228301030 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.