Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T168E121E1C418DD3B032286D9E7F56B5BB6D1C319CF02198053F843AB97DBCA0DB25A99 |
|
CONTENT
ssdeep
|
96:TkX7gzeFMSftVSTkhUSPRhtcJt3pwwvFse9XXHFbexXYHFCeJX9X/5zTz/z4GJ:QX7gzejCGf2JJppRQyf7XhnL4A |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
da55a55a42a5ad8b |
|
VISUAL
aHash
|
fcfcffccfcdcdfff |
|
VISUAL
dHash
|
2410220919393000 |
|
VISUAL
wHash
|
d0c0d0c0c8ccdfff |
|
VISUAL
colorHash
|
07482000000 |
|
VISUAL
cropResistant
|
2410220919393000,48ef899f17878f9d,074f972ba3974d17 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.