Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E9126633A114C51A4E9BD5CCFAC4F68DA19AD305FB318882E2E4617F6BC5CE8697136C |
|
CONTENT
ssdeep
|
192:EYc3cCqVvsNIvRvTDE97IQZk3fMmUU8VCotn:Tc3cCqVvrJTI97It3fMmUFCoV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b030c666cb3997cd |
|
VISUAL
aHash
|
c7c78787c7c7c7ff |
|
VISUAL
dHash
|
0d1d1d9d9d0d0f42 |
|
VISUAL
wHash
|
87078707878781ff |
|
VISUAL
colorHash
|
06000000038 |
|
VISUAL
cropResistant
|
0d1d1d9d9d0d0f42,f7f3ffeefefef636,c845f4dccaa68606 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.