Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DD71013121184D36B183C3E8F7F5721F72A9835ADF17560E96F883ACBAD6D94CC6A184 |
|
CONTENT
ssdeep
|
48:9vNmTNMckZDF+l2Q/Im3vBHo4NSirMSmwvQ9aTGKk9aA9a2rUl5sSCDTh+:9DZDMlZBIIF/V0GGKYxwwLDTh+ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ada7039d9272dc8c |
|
VISUAL
aHash
|
ff8383c39b9b0000 |
|
VISUAL
dHash
|
7f17171732320f57 |
|
VISUAL
wHash
|
ffc7c3c3db9b0000 |
|
VISUAL
colorHash
|
08201040040 |
|
VISUAL
cropResistant
|
3078c8966cc9820e,fffb3d37b7373533,4074b26474836460,383ab2929ab40283,7f17171732320f57 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.