Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10D4343A27B43781531BF41DFC21B190C92C1E7CED612A9C0F6F09236A5B5DA0B6F17A9 |
|
CONTENT
ssdeep
|
768:yVTwN945mpYnWOgqedj9SJzSSLSPS3SLedxv:ym9M0Y85dj6cedxv |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b61c1c36171e363d |
|
VISUAL
aHash
|
00ffffefc3c7ffff |
|
VISUAL
dHash
|
d4000e0c4d4d0c00 |
|
VISUAL
wHash
|
00c100000303033f |
|
VISUAL
colorHash
|
0e400018000 |
|
VISUAL
cropResistant
|
40160e4d4d0d0800,009484f4d4c43440,69f9b8f3cbe9c6c6 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 941 techniques to evade detection by security scanners and make reverse engineering more difficult.