Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T14C63CDF18670D86F2647FE94910B3F24529FCF2AD04E166D53ACD4DE8BC1FA4D48A268 |
| CONTENT ssdeep | 1536:vFdie4S8vhrWwTqjePYehNeYe8e30GL+LgLyn:Ndie4S8vhS7ePYehNeYe8ekqu |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | caa5944b2d56ab5a |
| VISUAL aHash | fdffffe7e1f87cfc |
| VISUAL dHash | 79340c0c09c9d555 |
| VISUAL wHash | 0dffe7c7e0e03030 |
| VISUAL colorHash | 07400030000 |
| VISUAL cropResistant | 79340c0c09c9d555,3f2f1d4e0b4f4f47 |
The victim enters a username and password into a fake login form. Credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
The malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.