Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T105725152F6026D52106F06CBE0166ACE40C90ACFCF5949B555F50BECFBB2CF07DA9AA4 |
|
CONTENT
ssdeep
|
96:aC+bwbdDKW6TN8UUPEU3CHZw5IZWP+PBuS5AYi5Nga7pmEmqmPmcYIZVFgoHkPfk:QbjX8UeaGZb98qZxD493wj0Voztk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c9c93c3cc3c33c3c |
|
VISUAL
aHash
|
0000007e3c180000 |
|
VISUAL
dHash
|
163361c8f0338e60 |
|
VISUAL
wHash
|
988098fe7e184200 |
|
VISUAL
colorHash
|
00038000000 |
|
VISUAL
cropResistant
|
9088a8aaaaaa8892,814cb2a2aa028080,163361c8f0338e60 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 629 techniques to evade detection by security scanners and make reverse engineering more difficult.