Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T151B20A3BE1C0391A0193B291FB917A9FE539454DD235E560DDA8C67232D98BC81BF3E8 |
|
CONTENT
ssdeep
|
384:luOQ2FQbm6K+P2xZhWm0pmaRmPNSnbdcw/Hly+AjRVGNpjRB2YCP6DM:luOQ2FQby+uxZhWrphRmVSnbdc0oCQ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b4b5544a6beac2d4 |
|
VISUAL
aHash
|
801fff0700000040 |
|
VISUAL
dHash
|
06bc9c9f901aa082 |
|
VISUAL
wHash
|
e71fff6f4880f000 |
|
VISUAL
colorHash
|
30000600048 |
|
VISUAL
cropResistant
|
8001c833234980a1,06bc9c9f901aa082 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.