Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T119E29C30906CA47390D3CDD55728632AA2938D87CB63E709DEF783486E9EC3DDC4A955 |
|
CONTENT
ssdeep
|
384:o92pm0EtmZMKC33BEPNh3pHhG2ndjPuvwY2SGQbcNXaPrL7V6FQ88+OybvHRazpP:o9+yKScNfuvW4cZaP56OIj0AY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
82bac53dcd3dc192 |
|
VISUAL
aHash
|
000e6e0505000070 |
|
VISUAL
dHash
|
962dcccdfd34ccc2 |
|
VISUAL
wHash
|
4f0f7f610f1f0078 |
|
VISUAL
colorHash
|
30000230000 |
|
VISUAL
cropResistant
|
b3b3f296d4d0d0e0,e1e1ca132baca434,f0f0cccccc969785,962dcccdfd34ccc2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.