Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11932648082D95E2AAB4342D8FBA479ED3BE2C1CDDAE0D144A1F945F434D0DE5CD1ADB8 |
|
CONTENT
ssdeep
|
192:seoE4nfdknfdUnfdPnfdL1nfdCAnfdanfdunfdrnfdtnfdOnfdTrU:sTnfdafdqfdffdLhfdCmfdkfdIfdLfd3 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b333adcccccccc14 |
|
VISUAL
aHash
|
ff0000cf00ffffff |
|
VISUAL
dHash
|
2a484c2f2c602223 |
|
VISUAL
wHash
|
bf00000100ffffff |
|
VISUAL
colorHash
|
06000038000 |
|
VISUAL
cropResistant
|
2020da894d494949,4cce1d3cf0222222,495a585959dc5e4a |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.