Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C6E116E1C048DC3B135385E5B7F52B5F7596C355CF020E8853F852EA5BDAC60CA23A99 |
|
CONTENT
ssdeep
|
96:Tkp8179oh4lzH030eGnVvvCyyEBiwvF3exXbHF+exXDz/bVvvCX9QPJ:QpQ79oh4lzH03snhvJyEYtzRzzhvG9QR |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d3824367b8b83cbc |
|
VISUAL
aHash
|
0020ffffff000000 |
|
VISUAL
dHash
|
dccd26002c725878 |
|
VISUAL
wHash
|
207effffff000008 |
|
VISUAL
colorHash
|
03000000007 |
|
VISUAL
cropResistant
|
f0d4aa8e698ecce8,4667a94bda984b4e,0020303030280810,4434cbd4d1c9c4d3,626252521a68785b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.