Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A7A251B08185C83750A7A4D6B2B69F2F71E3834AC9430604D2FED3B997EADA4FD13465 |
|
CONTENT
ssdeep
|
384:zN18iQtLysKIKDHO/WS5HCxTWHmuHxVilmbBlmSbMlm2uUlmkwBDp38wHaj:zN18i8ms82WS5sab38m7mFm2ZmbBDp3y |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ba57cb14056751ec |
|
VISUAL
aHash
|
00998180df81c3fb |
|
VISUAL
dHash
|
7129293eb6352b2b |
|
VISUAL
wHash
|
00998183df8bc3ff |
|
VISUAL
colorHash
|
31c00008000 |
|
VISUAL
cropResistant
|
f8f96969c9c9cdc1,888f83a7c3d4c2a2,7129293eb6352b2b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5881 techniques to evade detection by security scanners and make reverse engineering more difficult.