Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T131F33C32E3292C3EA2A740D8FAB5774B31D2D52DE7054430AD6C56B907D7CE6720AB78 |
|
CONTENT
ssdeep
|
3072:a72D4Eex2t05LNZUmNGw8w2YNYSA820D0jMP9HSWE6dPG:a72D4Eex2t051GSVD0G9HSWE6I |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc993323cc396673 |
|
VISUAL
aHash
|
0138183838100010 |
|
VISUAL
dHash
|
3370f0b0f2f04865 |
|
VISUAL
wHash
|
8f3c7e3e7c780034 |
|
VISUAL
colorHash
|
30600018000 |
|
VISUAL
cropResistant
|
e8d0c8649b0382e8,3370f0b0f2f04865 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 484 techniques to evade detection by security scanners and make reverse engineering more difficult.