Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13103E932E1C2A667106383D073F7472922AD93C5D9520AA5D3FD838B1BDFC98B865631 |
|
CONTENT
ssdeep
|
768:GIIscJBeIeteJeXe5eVWJ4ZSFNDkbkX9tj4KIJnoOrOHoPj9ZXpd8qs7AE3UL:GIIskeIeteJeXe5eVWJ4ZSFslpoOrIoD |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c70ae439963b34e5 |
|
VISUAL
aHash
|
0070762c0000f3f6 |
|
VISUAL
dHash
|
c4c6c4c9d9cbc6c4 |
|
VISUAL
wHash
|
0270762d2461fbfe |
|
VISUAL
colorHash
|
38000008007 |
|
VISUAL
cropResistant
|
b2004037338000a2,c4c6c4c9d9cbc6c4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.