Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17BA144A38049A21F122142D1D1B1BEBBA7929906CF630D91D5E90BDBED9CF76B07318C |
|
CONTENT
ssdeep
|
96:dG3O8KQ38/rI7+0EKk2aiG3TN5G4UtkGnLtgZGal2:eOc38/87+0Hk2atTN+tLaTl2 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a1055d5a3af25ed8 |
|
VISUAL
aHash
|
002277e7ffdcef00 |
|
VISUAL
dHash
|
3152c68db9385e8d |
|
VISUAL
wHash
|
00227fe7fd9ce700 |
|
VISUAL
colorHash
|
19200030000 |
|
VISUAL
cropResistant
|
1c9ae167c3a18a5b,3934eec6ce8e4647,b2aa96ce8eb086b2,3363c9dd9a0d323a,8cc0ca434b4b409c,8c40ca4b4b4b409c,2a2a656545650a9a,15154e4aeb4f55b5,a2aa823a78ca8282,3152c68db9385e8d,73e65b59444449c9,73f67b4944444969 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.