Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17DA298F184D87D351306A7CB937BB727B193C405D602A1C9C1E3639D66AACA0EF1AD1C |
|
CONTENT
ssdeep
|
192:o9HB9bVH3whpjDt6KjWEjm4FYMm4wDU9s5m46CeA/m4O:o9HB9BCZtRJCU9sj6StO |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c63a296db284c7e9 |
|
VISUAL
aHash
|
00087e7e7c3c787c |
|
VISUAL
dHash
|
ec71c4ccccc4d4d4 |
|
VISUAL
wHash
|
00187e7e7c78387e |
|
VISUAL
colorHash
|
00000008600 |
|
VISUAL
cropResistant
|
92a45b4b2b338c82,034f564451333137,ec71c4ccccc4d4d4,bf9a180d818d851b,3f27a7878787878f,763273d1d73a8ecb |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.