Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1267262B24318B6BE64EBCAE4AE2A733B5156D04BE9E6114152FD8778C7C7DC0EE23540 |
|
CONTENT
ssdeep
|
192:0WlYuftkpT49zG7zNoJ0sq3/bTpxIIIImucpqpxIIIImiE//VtVioIE5Ky5Jh:0UYuVkZiJZNhnVioIEwuJh |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
990ce6e4cce2e6cc |
|
VISUAL
aHash
|
0300000018ffffff |
|
VISUAL
dHash
|
d5b3f3b3b25a5a5a |
|
VISUAL
wHash
|
e700000018ffffff |
|
VISUAL
colorHash
|
06000000038 |
|
VISUAL
cropResistant
|
000405151505049a,b2b2595a5a5a5a1a,d7f3b3f3f3d3b3b2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 49 techniques to evade detection by security scanners and make reverse engineering more difficult.