Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13B9307F7D2D8AA31F20377D0F4916356129B012ACF4AC9D8EB7C85B8A7C1C884C77991 |
|
CONTENT
ssdeep
|
768:J3txddlt9CiW2p6kugBS5Wja/J0FfjHzrJ9FFOdu3txddlt9EDQI9spOWzkGTGU5:jJcj4zkGTGU6I |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b24353ac3d4159be |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
94cdc9d9362a0f3c |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
06000000007 |
|
VISUAL
cropResistant
|
6c6c5564ee28cac6,162620032f002d1f,94432dcdc9cdd9d8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.