Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CC921A9353081B3706F70382BE496BC4E363946DD7055F9865EC425C93EAD3463BBB64 |
|
CONTENT
ssdeep
|
192:aK13E8iI3bjDJGsW/rDp9SMcIo3XbKeuvkfdXXmxzzorX/mtGvfMsqdgqJuIatTB:ZE8B3bjtG4IoHecdXXkzUr/2s9+ul |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b88ec7983c3366c3 |
|
VISUAL
aHash
|
ffffcfc3c3c3c3c3 |
|
VISUAL
dHash
|
65401f17371f1b0e |
|
VISUAL
wHash
|
ffbf878383838181 |
|
VISUAL
colorHash
|
06601008000 |
|
VISUAL
cropResistant
|
65401f17371f1b0e,363a6a3236343c34 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 817 techniques to evade detection by security scanners and make reverse engineering more difficult.