Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17DA301325026113F447B8BF652FD8BF1F1E6948CC8A3978482FF837A13D9C11AD5A996 |
|
CONTENT
ssdeep
|
768:/h35srM2I/l1nKK6MMMXSrCfNH9bGg8uQaOJaey:535SM2I/DKXMMMfQzFy |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3383cc78338edc3 |
|
VISUAL
aHash
|
0100646e7e240000 |
|
VISUAL
dHash
|
4330cccccccc1c42 |
|
VISUAL
wHash
|
c3007e7e7e7e0e00 |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
f8a8b2347e7c7d5e,4330cccccccc1c42 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.