Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T172335F623029853B8073C6C0E17A7F2D70EAF34BDA0D151595BD027A5FDFEA6B4122B9 |
|
CONTENT
ssdeep
|
1536:/XD5SDDySECUSDDySECi4gH4fi9C3uXJDreeXaeepXewaGeuXfeWVceLey4O/Dko:/XYgH4TD |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
983722dc8c7698dd |
|
VISUAL
aHash
|
04181c1818180018 |
|
VISUAL
dHash
|
44687032b2b20833 |
|
VISUAL
wHash
|
ff3c3e191918183d |
|
VISUAL
colorHash
|
38038000000 |
|
VISUAL
cropResistant
|
a280a096968482a2,44687032b2b20833 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.