Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D8C30A20F1005A3B412383E8FA24AE4F7126E196EB458DF8C2F886585FD7DF99D154EB |
|
CONTENT
ssdeep
|
1536:lIO/KaBJblpscpjaJguKVOU2ejJujVteyBlTCIIHzEq51Spp:lIFaBJbofl4zEa1W |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
98e11f3ce0471f3c |
|
VISUAL
aHash
|
1f1f1f1f1f1f1f1f |
|
VISUAL
dHash
|
34b6f793b3b2b4b4 |
|
VISUAL
wHash
|
0f0f0f0f0f0f0f0f |
|
VISUAL
colorHash
|
1e000006000 |
|
VISUAL
cropResistant
|
819c9d96968c8080,7af058b0a0a388c0,f8d0c8f0e0ccc8c8,80a4a5906232e27c,0cf03d6960640820 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.