Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T163D351B2D168047B6227D2C943787F5FB681864BCFA3079A6AE8C3D05F8BEC1EC12555 |
|
CONTENT
ssdeep
|
3072:d1OVbRxDGgSk7H1TYTyli1zWFGYTyq63YgVm7nVm7iVm7432vFJDFDSzf:d6H1kq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bfc343be59ec4024 |
|
VISUAL
aHash
|
3ebf00ff97978300 |
|
VISUAL
dHash
|
626262632e26262e |
|
VISUAL
wHash
|
00bf02ffb7b7a300 |
|
VISUAL
colorHash
|
07c00010000 |
|
VISUAL
cropResistant
|
60626a632e2e262e,8060809090608102,b999eab2b6d1b630,451de5e5e5e51d85,4040404040404040,2f2e2f27262f2ee1,3c3e3e3c3c3c2607 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 636 techniques to evade detection by security scanners and make reverse engineering more difficult.