Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13F01AB50C0598C779402A1E82BD1BA173A88C391C6672B04ABF8D3AD3EE7C45CAA6294 |
|
CONTENT
ssdeep
|
12:hRwMy7FUONhOWJ3syjdiK++21q3ZclvXHF0Dv3oJD9kD313B+VIWyZ30uKP7Qg4m:hR/CzhNJ3sZa2fVDN9ulRNJ03Qpm |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8766079bd89b1b64 |
|
VISUAL
aHash
|
3f3f3f3f3f3f3f3f |
|
VISUAL
dHash
|
6866666c68686868 |
|
VISUAL
wHash
|
040004000f0f0f0f |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
a0dc9c9880808080,00304cb2b24c3000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.