Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CFA2541321085995C2F34CD998103A44A286D74FC9319770D2BC1E7F1BE2AB6B7A9F7E |
|
CONTENT
ssdeep
|
192:por+0u7ly64HjbFIjra/V/lVV3KMWxGaw1Ds+JkzGYhxU5P+J/1wjwgBwXyGzzKb:phl94rKIOaq8ang+zwiHQgVthBWrhygx |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d2a55a8c25528f5f |
|
VISUAL
aHash
|
7fffffc3c3fcfcfc |
|
VISUAL
dHash
|
848c089696000008 |
|
VISUAL
wHash
|
00c7c3c3033c0c0c |
|
VISUAL
colorHash
|
07000000007 |
|
VISUAL
cropResistant
|
848c089696000008,0008101232240000,49c9d694d8a493cc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 9 techniques to evade detection by security scanners and make reverse engineering more difficult.