Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FC7362347901686630EF4ACEE273798E2284EFC6C99619D9C6F0472469F7C61FED12D8 |
|
CONTENT
ssdeep
|
384:KWoC2Yqa6x//gTZUZ95ZY4a7a3pGpa7a3pG3Va7a3pGua7a3pGRF1ca7a3pGNa78:0CAq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
afc15e5a81342b76 |
|
VISUAL
aHash
|
f1fff7ffdb818181 |
|
VISUAL
dHash
|
450207de17555517 |
|
VISUAL
wHash
|
e0fbf3ff81818181 |
|
VISUAL
colorHash
|
0e000038000 |
|
VISUAL
cropResistant
|
450207de17555517,ecdcb2a66ad2d5d4,000040d0d0c04840,c51828ac2dad8914,a45151a4a4666694,73b3983939599965,33b2715b39352564 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1085 techniques to evade detection by security scanners and make reverse engineering more difficult.