Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B4430BE938556016477340E394BF2B4AB739182FF82C45A1A178DBE571FC8A5302BF5B |
|
CONTENT
ssdeep
|
768:KyWuP/WyCM51usHFDvtsZLoR2r18n+6/u/cocX8UkNKWI/i7WAQ3R3QLPBAPMY8Y:uAUyOloQzZs8oWQbp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e520719b7427df24 |
|
VISUAL
aHash
|
c3c3c3c3c3ffe7c3 |
|
VISUAL
dHash
|
9696969696009696 |
|
VISUAL
wHash
|
c3c3c3c3c3c7c3c2 |
|
VISUAL
colorHash
|
1720b000040 |
|
VISUAL
cropResistant
|
9696969696009696,b2e8b03284949486,508ab365f131b39a |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 701 techniques to evade detection by security scanners and make reverse engineering more difficult.