Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T191326033A600ED6A8D9B55C8F2C0D588511AD385FB3148C6B1B091FF7BC4DF169A93AD |
|
CONTENT
ssdeep
|
192:4t3JidGnxxCgMcnthWeNWbQN969/9z5Z7RVfMmUU8VCoIU:T/INoph5Z7RVfMmUFCoIU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b030cdcfc330c9cf |
|
VISUAL
aHash
|
c7c7c7c7ffffffff |
|
VISUAL
dHash
|
9d9d9d9d1c000400 |
|
VISUAL
wHash
|
40000000043c0d0c |
|
VISUAL
colorHash
|
06000000038 |
|
VISUAL
cropResistant
|
9d9d9d9d1c000400,ccf3b3dce069dcfc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.