Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A7038730A0196E3B52A742D4DE74B74AA383D2CACA5306CB73F9C3DA4FDED5A8D44914 |
|
CONTENT
ssdeep
|
384:xOflSSkRkDextPi1023UeUvUbU/UUgwAcldRUgvWsn8l/orkx9KkFooUV889uj:xOWZgwAiRUgvWs8aIDFFUV8898 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed803f41fe057ad0 |
|
VISUAL
aHash
|
fffffffffc000000 |
|
VISUAL
dHash
|
0d1019e400407255 |
|
VISUAL
wHash
|
f7fffff3e0000000 |
|
VISUAL
colorHash
|
17000000180 |
|
VISUAL
cropResistant
|
2d98189094268000,2030884422100c02,800158c0e2325515 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.