Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B5622131A110783746C381D1A7B25B6BF3A4C392DEA347AE63F9830E0FE6D95CC96165 |
|
CONTENT
ssdeep
|
192:iQbHva8R10qHiTQGnnf5AdysqFEmd76I2X3MNwURteBc9TJFomoaVwUFhcMQj3/Y:JmBncX3g/Ai9TiU0PMvWeXv |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ccb38c716071ce73 |
|
VISUAL
aHash
|
583c3c4078787838 |
|
VISUAL
dHash
|
d0f0e8d4caa2d0e0 |
|
VISUAL
wHash
|
7c3c3c7078787878 |
|
VISUAL
colorHash
|
30c00008000 |
|
VISUAL
cropResistant
|
000000cacee20000,d0f0e8d4caa2d0e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.