Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13EB243B241C55DB70087A3D0D533072AB3A622E1FB6B470647F8CB4D9EABD98CC56867 |
|
CONTENT
ssdeep
|
192:GNsm+GABXELib+brmVvqq7tqW5BMB8x6PacLlOojQyecVl88Ry+y54ViYWUhpA/t:GNyNBXELiy/Y+nPacLBet8gjB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd40eba7e2669989 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
c0f0f0d40b2b2b2b |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
1e000000180 |
|
VISUAL
cropResistant
|
0000010101120000,88132b2f172b2317,e0c8d0f0f0d0c0c0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.