Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EAF1F1E1C048DD3B531385D5B7F5275F76A6C345CF020A8853F852AB5BDECA0CA23A9A |
|
CONTENT
ssdeep
|
96:Tk58779oh4lzH03meGnVv7Z3EBgwvF7eNX3HFVevdXL2z/zVv76jlfQ6R:Q5a79oh4lzH03unhd3E+pqv92zLhYfQQ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c343477cbc3cbc06 |
|
VISUAL
aHash
|
0000ffffff0000ff |
|
VISUAL
dHash
|
16cdcc20082b23e8 |
|
VISUAL
wHash
|
0000ffffff0000ff |
|
VISUAL
colorHash
|
03000000007 |
|
VISUAL
cropResistant
|
d9cdc40034300868,4667a94bda884e4e,0000000000000000,044420cbdcd1c9c4,390303332323ec4c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.