Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A7A2E97BE1C0182D028721E1EB117E9BE125462DC637E460DE9CC29677D5CE884BB2EF |
|
CONTENT
ssdeep
|
384:4JvJQaJPQbJgMtLtSlqq05aXdMyMGLhxWR8MlwpZOIcUJ5giP3pjSgkNPkB1dU:4JvJQaJPQbJftL+qq05ajbu8zZwizkND |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c1ee7c7ca1a15938 |
|
VISUAL
aHash
|
6074387f7e00007c |
|
VISUAL
dHash
|
86e5e8cbccf0ccc0 |
|
VISUAL
wHash
|
60747c7f3e38207c |
|
VISUAL
colorHash
|
30200448000 |
|
VISUAL
cropResistant
|
00429d8c96922100,86e5e8cbccf0ccc0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.