Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C941345081048D3B99D793DC97D5AF0622D1C752CB031F5186F897AAA9EEDD0DD122E8 |
|
CONTENT
ssdeep
|
24:hpCHsvcRhAD/T3N9t3T3N94/TXrLDfS/OEtFOlhsE5Ap8HaXhT5t:ChADjH5H4PSD6CE5Ap8HUT5t |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ee4c992b89ad8a8b |
|
VISUAL
aHash
|
f1f0f0f0e0e1e0f1 |
|
VISUAL
dHash
|
a32765070d4d4f03 |
|
VISUAL
wHash
|
f1f0f0f0e0e1e0f1 |
|
VISUAL
colorHash
|
06e00008000 |
|
VISUAL
cropResistant
|
a32765070d4d4f03,78f8ec9c3a6fe438,c9cee4e071d9c80d,236e667db6b1b9dd,730078794f4b0bc7 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.