Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19C14B6B0D1121E5F220709A47076E6C6E08BB34CD72F848993E86A5BBBDFCD249745BD |
|
CONTENT
ssdeep
|
3072:Wk/MdMKM1MZMDMXMdMKM1MZMDMXMdMKM1MZMDMXMdMKM1MZMDMXMdMKM1MZMDMXs:N |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e8cd39e91696d432 |
|
VISUAL
aHash
|
fbf9fffff9f90000 |
|
VISUAL
dHash
|
d313812513135b75 |
|
VISUAL
wHash
|
70f1fdf7f1f10000 |
|
VISUAL
colorHash
|
0f003018040 |
|
VISUAL
cropResistant
|
d213932525131313,8a641b97966805a2,aa314c4d4d4831aa,455145c9cb334b02,444525dc7c234580,a2bca2a29c968c8d,8b33ddd579712509 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.