Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14D322343220C5A65C3B3489D841439946143D68FC9A1CB70D6BD0D3F2BE2BA267E6F7E |
|
CONTENT
ssdeep
|
192:PThD67cI3VVHjb3IjLZ6/vjwXEP/Lthj+mWKfZU0zEy4ttXhoJpjwik/donDonZD:iVVevXGnora44yj9hDV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cdceb1395286c639 |
|
VISUAL
aHash
|
3c00303000200b03 |
|
VISUAL
dHash
|
4852666592421202 |
|
VISUAL
wHash
|
7a7a7272c2803b3b |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
5a8dcdde5894dc48,4852666592421202 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.