Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B1227521D0017F3B469391E3ABA9B35AB7848249D7831B0126FC43EE67C0F6EDC75689 |
|
CONTENT
ssdeep
|
192:XnyEQeh6FtKTtUZC2LtBeTVvwHFnMXHn1ODprP98:iymoMOwHFM31OF98 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8db670369076dc9a |
|
VISUAL
aHash
|
46383c383c3800da |
|
VISUAL
dHash
|
8cf07172f37253b2 |
|
VISUAL
wHash
|
463e3c383c3838fe |
|
VISUAL
colorHash
|
0fc00000000 |
|
VISUAL
cropResistant
|
383815456d55d5d5,685854554d4d5554,bebefe1636febefc,fefefe272ffebefc,8cf07172f37253b2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.