Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EA03F850A185F83E0B7722DAE3D7576BE397D359C315D919A2A4C30B8AD8D23F8B102D |
|
CONTENT
ssdeep
|
768:+Gp9x19mwy9MVp0Sl/K/K/K/K/6/K/K/K/K/NiBVL6+HAruvVRJQrTbIb1L2JHjl:+Gp9x19mwy9MVpDl/K/K/K/K/6/K/K/X |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c99661793ec1b6c1 |
|
VISUAL
aHash
|
083c7e3c18007828 |
|
VISUAL
dHash
|
f8f0f0f0f0f0d2d1 |
|
VISUAL
wHash
|
3c3e7e3c1c387838 |
|
VISUAL
colorHash
|
32001e00000 |
|
VISUAL
cropResistant
|
bc9cdcdc94129256,daeca676b2a2e2f2,f8f0f0f0f0f0d2d1 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.