Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T140D165D1C418DD36472286D5F7F57B1BB6D1C349CB02098053F883EB9BDECA0DA25A99 |
|
CONTENT
ssdeep
|
96:Tk6LgzeFMSftVSTkhUSPRhtcJt3bDwvFxQeVXFHFOneRXgz/JDYGGJ:Q6LgzejCGf2JJbgnT+zVxA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
da55a55a5aa5a389 |
|
VISUAL
aHash
|
fcfcfbfcfce4ffff |
|
VISUAL
dHash
|
2400022139090800 |
|
VISUAL
wHash
|
d0c0e0d0c0c4ffff |
|
VISUAL
colorHash
|
07482000000 |
|
VISUAL
cropResistant
|
2400022139090800,48ef899f17878f9d,074f972ba3974d17 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.