Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F8D1F17FD02890462B13CEF6F7C1724CABE36B0DC9E0AC8075F5055AA2A99739D609D7 |
|
CONTENT
ssdeep
|
192:HwP2uDTdCSVK3TK3MEtK3BWPiPMtPXiVixtiniXpNtj/lil+tlOl2l2lwON1r:Hm2uDTdCSVgut6Wa0t/4atqApNtj/g0m |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc4cb3488bbb69b1 |
|
VISUAL
aHash
|
f0f0f0f0f0f0ffff |
|
VISUAL
dHash
|
a7e60666e6a70788 |
|
VISUAL
wHash
|
f010e0f0f0f0f0ff |
|
VISUAL
colorHash
|
07000000038 |
|
VISUAL
cropResistant
|
a7e60666e6a70788,a282b23a3baaa6aa,fefc71fce869defc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.