Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18A83547291942067020386C8F1E1BF5EE6D3821DDF838495E2F543D96FDAD90ACA9B1F |
|
CONTENT
ssdeep
|
1536:ZW3WNV14vPZAvBgv+VKkbeOvEEdv4UMxm2:4i14ueJzUWm2 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
dab525ca3e6b5052 |
|
VISUAL
aHash
|
00fffefcfcfcf800 |
|
VISUAL
dHash
|
2b0ad07535812b31 |
|
VISUAL
wHash
|
00fffc1cfcf8f000 |
|
VISUAL
colorHash
|
07000030008 |
|
VISUAL
cropResistant
|
2b2ad07535b5a16b,0626cadc0e945515,4f4f072b290b870f,517535b5a12b29b7 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 386 techniques to evade detection by security scanners and make reverse engineering more difficult.