Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C9C1E821780F526B9167BCC2A4727E0BF182F70FC259D6225AED569C8FF6CE4B5118A0 |
|
CONTENT
ssdeep
|
48:WWtlmd8n75w5ruRhNwjt+0V9C8bu9o9S+bzM9ybE+I4ZMld+xQZ:Wfd8OwbkC8btS+/2ybE+9mas |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e21998670d674d3d |
|
VISUAL
aHash
|
00000000e7e7e7ff |
|
VISUAL
dHash
|
aaaaaa4d8e8f0f8e |
|
VISUAL
wHash
|
000800c0fff7e7ff |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
f0cc8e96968ec871,aaaa4d2f860f0f96,f4c4cbc4cccac4d4,868686c686868686,62aaaa4d2f860f0f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1778 techniques to evade detection by security scanners and make reverse engineering more difficult.