Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F85142006040FD2A05831AF9A3A27F5627F48734E21225449CEED7AE1FB6C49C6773E6 |
|
CONTENT
ssdeep
|
48:TVZ8W+AvEEvIJEI8lSSODkd0gLvgtKdhe8zViwKyKXVsDtHr:TVOwvrv8FPgLvg0HZIUKXSDd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9f1ff060601f1f1c |
|
VISUAL
aHash
|
003f1f1ff3f7ffff |
|
VISUAL
dHash
|
99666c6686060004 |
|
VISUAL
wHash
|
001f1f1f8000ffff |
|
VISUAL
colorHash
|
06007000000 |
|
VISUAL
cropResistant
|
6666646786660000,04181a59b9b9a64d,013844b0b25f5f5d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.