Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CFB30C30D8829A3765CB8AF8B771AB1F36DAC302DC974A0A53FA93494FC6C91DE55205 |
|
CONTENT
ssdeep
|
3072:yJqlKv4yxFzPNsCLkIG/PM7BipMmVLwm5fzd8hbuD0njdNYSSBkAtFQqFfJLVpPp:yftRYXkrav |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b43ecb498d0ab596 |
|
VISUAL
aHash
|
01000000020040ff |
|
VISUAL
dHash
|
738d0c969696a14e |
|
VISUAL
wHash
|
ffc487434242c0ff |
|
VISUAL
colorHash
|
39000010180 |
|
VISUAL
cropResistant
|
0000080c0c525a1e,738d0c0696969681 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6855 techniques to evade detection by security scanners and make reverse engineering more difficult.