Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BF23B57113052ABB4B4382D0F72A7F9DE295C386C713AE56B3F083469FCAC62DD66241 |
|
CONTENT
ssdeep
|
768:3Lpg/HhguaFxqrRe+tdsK2GCOS6e3WpNQDguaFxqrRe+tdsK2GCOS6e3WpNQ6ggW:j8jBBJD |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
959969ec5691a555 |
|
VISUAL
aHash
|
1b0f0f0e06670304 |
|
VISUAL
dHash
|
9657da1c8c8eca9c |
|
VISUAL
wHash
|
1b0f0f0e0e77670e |
|
VISUAL
colorHash
|
38011600000 |
|
VISUAL
cropResistant
|
393b369cc1f1f1dc,9657da1c8c8eca9c,195b63174e2c3c1c,e583ce8d1a3c78f1,3c78e38409100107 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 90054 techniques to evade detection by security scanners and make reverse engineering more difficult.