Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12D427333A600DD2A4D9B91C8F5C49688525ED346FB7208C6A17091BF7BC5DF02AA93AD |
|
CONTENT
ssdeep
|
192:dmNYcpcyche9ntQootxY0DLa1McnthWeNWbLOdofMmUU8VCo72:dmqcpcyche9ntQaiLaQOdofMmUFCoq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a2755c2a752a58dd |
|
VISUAL
aHash
|
00ffffe7ff00ffff |
|
VISUAL
dHash
|
a2ce004d0c794900 |
|
VISUAL
wHash
|
00e7efe7e70000fe |
|
VISUAL
colorHash
|
06000038000 |
|
VISUAL
cropResistant
|
0c084c4d08490900,2020a0a04010c0ca,0121596c6c122400 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.