Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14EB27423B204CC395DC70AEDE7E0A918151CE306FA7199CA326891BF77D5CF825A5B9C |
|
CONTENT
ssdeep
|
384:FYJYWp/nSxENpi5uK/TY/toNfMmUFCoosbIe9FAXl3IEXqG3Ia:2YWjKbYaNfBUs0+XBLXqk/ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a35708552a552bf7 |
|
VISUAL
aHash
|
00ffffffffffff00 |
|
VISUAL
dHash
|
60200c0c0c040031 |
|
VISUAL
wHash
|
00f0e0e00000f300 |
|
VISUAL
colorHash
|
06000038000 |
|
VISUAL
cropResistant
|
000c0c0c0c140031,000000209821651a,01110db3b34c2000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.