Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T117038472D2155A3B0797C7C153797B1AF692E24BCE830A96E6E4839C0B9BCD3EC11325 |
|
CONTENT
ssdeep
|
768:bHRaHVFk9PbImZDZFZDSL4QJ793cO9jLaYlkH2IddxTBdKj/OE9VTuFBCgSSHb:zramFfmFnhMWIFvaOWW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed12efb323e91068 |
|
VISUAL
aHash
|
ff3e000000fffff1 |
|
VISUAL
dHash
|
4bf4f0d4c4dc2323 |
|
VISUAL
wHash
|
ff4a000000fffff1 |
|
VISUAL
colorHash
|
13001000180 |
|
VISUAL
cropResistant
|
1b1b6c6a62409696,8460602323232323,00c0212121254545,5030797012cc50d4,96f4f0f0d4ccc49c,2323232323236061 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 937 techniques to evade detection by security scanners and make reverse engineering more difficult.