Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F621831AA10AEE171304029EFF13109995C78046EF396F5433E7063E05F8A6FE03A985 |
|
CONTENT
ssdeep
|
24:haWtuDGguDEj+6KlLBlL/c5KDteM7UEdGXmgYl7do38rr8:bCGgiEa6KRBRE5KgM7UEdGXmgYPoEI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
aa55bc4e837302fc |
|
VISUAL
aHash
|
c6920e6c3001c3c3 |
|
VISUAL
dHash
|
0c2654c9e9671b27 |
|
VISUAL
wHash
|
c6d22e6c7d31c383 |
|
VISUAL
colorHash
|
30000c00000 |
|
VISUAL
cropResistant
|
b280948e8da080a2,bbd7eeddb264c894,0c2654c9e9671b27 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.