Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18473A33111951F3ED557C7D4F6B97328436DC28DDABBC22899AE43728BC7C91EA23284 |
|
CONTENT
ssdeep
|
768:C3Yh83Ovq+5RgfAzhZgHE/DFgKArWIReaLiH/sKIRjOOqPkaNcFD+6/XIid:1uORbfofqkgcx+6/Xd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d2f36d2d1c86c2b4 |
|
VISUAL
aHash
|
006c7c7c0c00383c |
|
VISUAL
dHash
|
f048ccecece9e1e1 |
|
VISUAL
wHash
|
18ecfc7e0c143d3c |
|
VISUAL
colorHash
|
31001e40000 |
|
VISUAL
cropResistant
|
3671f1d6cc601bb3,f048ccecece9e1e1 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 189678 techniques to evade detection by security scanners and make reverse engineering more difficult.