Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1582350349198E83B51ABD1E6A675670F73E1D38ADF932740A3F883AD1BD6DA2CC21045 |
|
CONTENT
ssdeep
|
384:TJyLOoAPP9mvK2M5DRNR+2+0awRUuGuFNMzDJUr5cx1kPwLfbIv0T2n+7XNQK1lX:TJyLOoaFmvKNNR+2+0fW6v+TX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ce9b31643039cece |
|
VISUAL
aHash
|
803c3c1818180000 |
|
VISUAL
dHash
|
16696932a0201820 |
|
VISUAL
wHash
|
9e3d7c3c7c3c5840 |
|
VISUAL
colorHash
|
380022000c0 |
|
VISUAL
cropResistant
|
16696932a0201820 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.