Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19C51125384813623304617C987DBA725F2E41197E733FD9AE4F9C11AAA8BE91E433839 |
|
CONTENT
ssdeep
|
96:JScn/w7nydsiJd/jh5tlH/Plhy078Pj1Zvz:Kijzbv/f9z8L1R |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b94c94b6d191c337 |
|
VISUAL
aHash
|
fbc1f1c1818f8fcf |
|
VISUAL
dHash
|
8323233b1b3b3b1a |
|
VISUAL
wHash
|
f181f181818f8fcf |
|
VISUAL
colorHash
|
07000208200 |
|
VISUAL
cropResistant
|
8323233b1b3b3b1a,c6c2e7e5e40c2ccf,a9e8c9cec4607ae9,2b3badaf7776765b,15b29692b0ccd43b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.