Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1E1032C72B099B11D12559B81D9B0F3ABCB42C9059FF00E06D8528F8AFD46BB179F235E |
| CONTENT ssdeep | 768:5X4FIZ42+WspvMso4EfAtyCY0YUvwpwt4x4n4f4Dq4Z:WFIZ42+WspvMso4EfAtyCY0YUvwpwt4m |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 84b13d1fca686ace |
| VISUAL aHash | 007fffffff00001f |
| VISUAL dHash | 92d6cc846555f0ae |
| VISUAL wHash | 004fffffff00001c |
| VISUAL colorHash | 11200048018 |
| VISUAL cropResistant | c2c069cc6a3b31e3,6d6cacd8c09dd1c0,409c99999d98c4f8,d5d5c4f2ed66670e,ad1f5f6e67e373f4,8e862622aab03079,8282800101014545,92d6cc846555f0ae |

The victim enters a username and password into a fake login form. Credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.