Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1051303206910992640DBD9C4A2F7432A52F98305CA6309D9FBF8C3FA5BEFD5CDA37161 |
|
CONTENT
ssdeep
|
768:jsIx/j0KM6jN0u645qN4x8+tgpzrVfH4P6Uf7x:jsIxwN6jN0u645I4xhgpzrVv4Pl7x |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ba2ba714dd4554ca |
|
VISUAL
aHash
|
010f00000000ffff |
|
VISUAL
dHash
|
3bbbf9f2b9bca40c |
|
VISUAL
wHash
|
8f0f1d080804ffff |
|
VISUAL
colorHash
|
0b007000000 |
|
VISUAL
cropResistant
|
8fcf7e3fb3674d19,b40004000c080696,3b3bf9c1f3b9bcb4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 27 techniques to evade detection by security scanners and make reverse engineering more difficult.