Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T118E1E91FD31C24180BB303E0BD707ACED25B11CDA362DB966DA8C06CA3B5B5686766C9 |
|
CONTENT
ssdeep
|
192:ylEbTPDwT/9tTvNAeRLDdifc8gGjPAON1r:ylEb7DwT/9tTvdLDdiYGjPxr |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a723ccccc619d999 |
|
VISUAL
aHash
|
f7230b0327ffffff |
|
VISUAL
dHash
|
a44e5e5e4e164600 |
|
VISUAL
wHash
|
07030323e303fffe |
|
VISUAL
colorHash
|
07003000080 |
|
VISUAL
cropResistant
|
a44e5e5e4e164600,41098ccc2b23c082,f2f8e2e6eee06a4d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.