Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1705296A28404542B121684C97617FB4B2583A342CFB6085567D583AB7FEFAF0DCBF396 |
|
CONTENT
ssdeep
|
192:JSiS7oiwQcvgEBzek9em3kNmR3w2n50DowKNm3hz3pj0Jm1t:JSiS7oiwQeFUNmVdNm53pjYm1t |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b1316546cf4f3319 |
|
VISUAL
aHash
|
00c3c3ffffe7ffff |
|
VISUAL
dHash
|
960e9e1e320f0c00 |
|
VISUAL
wHash
|
00c3c0c0cbc3e7ff |
|
VISUAL
colorHash
|
06000000180 |
|
VISUAL
cropResistant
|
968e9e0e320f0c00,371f5b46428c2484,0000001010101000,094cb29686accd5d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.