Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18A24A5B3517C143A2AA74FC48128332BB5CBA04FCD5656D6E3B9C3A453FEDC1A462693 |
|
CONTENT
ssdeep
|
6144:vLZD0T5FYCCFw2B+NO7ozX9ZU4h2Bk+vk+o+fxN26ytA8OU9mX4GtP2tf0Z86W9E:DZuFYCCFw24UbsQfkRmX4GtP2tf0Z86N |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a912cd962d4bc53b |
|
VISUAL
aHash
|
0003010107fffbfb |
|
VISUAL
dHash
|
9fdbdbdb3f3b3333 |
|
VISUAL
wHash
|
010701010ffffbfb |
|
VISUAL
colorHash
|
03008000e00 |
|
VISUAL
cropResistant
|
9fdbdb9b3f3b3333,9dffdf9bdbdb3b3f,f37171d191b15273,4b979232391d1f87 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.