Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1A9224220509489B170A7C2E977BA478EB644931BC74BA210A7E1D36C9EE3C75CE4EF1D |
| CONTENT ssdeep | 192:Yq++ncLWkAaACIB1jCncLWkF1r1tncLWkF1r1M:z/UWZa3w1j0UW21r1FUW21r1M |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 8acdd76731303173 |
| VISUAL aHash | 003c18183c3c3c3c |
| VISUAL dHash | 6971b2b271697169 |
| VISUAL wHash | 013c3d193c3d3d3d |
| VISUAL colorHash | 08000400038 |
| VISUAL cropResistant | 6747cdcdb52524a6,6971b2b271697169 |

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 107066 techniques to evade detection by security scanners and make reverse engineering more difficult.