Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18E6372A087185CFF3427F38AC908FB09B5C585BEAF0B47D665E4946E38D9D74C832289 |
|
CONTENT
ssdeep
|
1536:evTZnbvemlUcuXw/tW/mQ0Z/duGKUfsAaAh720ouM/ZksCLZDt:YZnbvemlUcug/trduLUfvwIP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cb4ae3facbca0948 |
|
VISUAL
aHash
|
ff8100000000ffff |
|
VISUAL
dHash
|
210a727031320e56 |
|
VISUAL
wHash
|
ffff00000000ffff |
|
VISUAL
colorHash
|
07400038000 |
|
VISUAL
cropResistant
|
2001296900171668,0010048e88565652,4e7232716131b230 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 996 techniques to evade detection by security scanners and make reverse engineering more difficult.