Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AFE2E6325040533B42A3C3D06719379EBBA1C0CAD6133F84AAFAC3595FCBDA6D631A61 |
|
CONTENT
ssdeep
|
384:K/9G/ImdNr6nhYi/j0UwfgStM9ofcRVieDW3LKXKKKEo8:K/93m6ii/2aeQVKqFu8 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
947987866b9c9c39 |
|
VISUAL
aHash
|
00664e00007e7e28 |
|
VISUAL
dHash
|
82c49483c3e4e4d0 |
|
VISUAL
wHash
|
426e4e40607e7e7e |
|
VISUAL
colorHash
|
30003008000 |
|
VISUAL
cropResistant
|
f5d2968da3abe4e6,6ad484a461298b8a,e8cccccc8cb22b13,fcceb259f11ed4f0,82c49483c3e4e4d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.