Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FAD254B1A490D4370AD2A7D0B676272FB2D2C347E9060E11EFF8435E5EEAD90EF22115 |
|
CONTENT
ssdeep
|
768:AugwkjXlrnYYVk4PFLu2K375wPqgLIG9g6pVvCaUr9rQ2:AugwkLlhy4PFLu2KVgLIG9g6plq62 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c7b1ba9c18634759 |
|
VISUAL
aHash
|
ffff202038382000 |
|
VISUAL
dHash
|
49b6c8c8f0e0c8c8 |
|
VISUAL
wHash
|
ffff68643c3c2020 |
|
VISUAL
colorHash
|
39002200040 |
|
VISUAL
cropResistant
|
a6961236a2f830b0,49b6c8c8f0e0c8c8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.