Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15D33B63051911F3BE91BC3E4B56173641359969ECFE78364A5AE0372CBCBCD6EB22284 |
|
CONTENT
ssdeep
|
768:vDpmH6hExOLfYn1bJ6oiVZwkaNcFD+6/XIid:LpmHfx061l6dVWkgcx+6/Xd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c761c6383e31c6f1 |
|
VISUAL
aHash
|
60787020007c6c34 |
|
VISUAL
dHash
|
9ac4c4c2c4d0d8e4 |
|
VISUAL
wHash
|
727a7070007c7e7e |
|
VISUAL
colorHash
|
38002018000 |
|
VISUAL
cropResistant
|
8e8f8f4515154f4f,9ac4c4c2c4d0d8e4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 189502 techniques to evade detection by security scanners and make reverse engineering more difficult.