Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C68375B190B59577428FF3D0A636672E7283C78BDA860BE2A3FC43582AC1DE5DD13509 |
|
CONTENT
ssdeep
|
1536:292jxMkvdqI1Mq6CKFbQd+rsu3xMkvdqI1Mq6CKl2f5r6CWmCSLSL/x31R3Imjqx:Jzy3dJxvmc |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cb3236cd5932c6c9 |
|
VISUAL
aHash
|
00002c3c383c3c3c |
|
VISUAL
dHash
|
c970696952616961 |
|
VISUAL
wHash
|
243c3c3c3c3c3e7c |
|
VISUAL
colorHash
|
09007000000 |
|
VISUAL
cropResistant
|
08112622430b0745,5b5a59080c0d3c80,c970696952616961 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 62 techniques to evade detection by security scanners and make reverse engineering more difficult.