Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T180613F52C3957E0F165898F5E672FBA99701028B93134E54FA64672FBCCC561D8233EC |
|
CONTENT
ssdeep
|
96:tQTstabaRtOtMtwMaTuu2BjddHOctd1tP36t9AwequI5CFDIpRcP:tQs4+RcqafTUjddHOc5h6x+FDIpRi |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8f8f16965a5ad852 |
|
VISUAL
aHash
|
3f3fffffffff0000 |
|
VISUAL
dHash
|
f86641e14bc0c910 |
|
VISUAL
wHash
|
1c3f3d7d7b3f0000 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
f8ec6541e1cb40e9,24d32c2c2c2c8100,0034c8191393c900,200c407171542000,e9c9d82680000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.