Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1262202F2D054D93A076341C5BA76BBAF77E1C289CF03161413F813AB6BCEEA1991249D |
|
CONTENT
ssdeep
|
192:gWnc19zYhh9cAQ/A8iI4AOqG2AZu9ZNzZ0ZNJB8YMncKplU8F:gWnyG9HQ417AOqGjZ4ZdZ0ZDMncKpa8F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b098c7e78b768178 |
|
VISUAL
aHash
|
ffcfc3c7c7c7c37f |
|
VISUAL
dHash
|
0896969e9a8e0ec0 |
|
VISUAL
wHash
|
81c3c3c3c3c3c33f |
|
VISUAL
colorHash
|
07200000600 |
|
VISUAL
cropResistant
|
0896969e9a8e0ec0,0817171616171708 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 33 techniques to evade detection by security scanners and make reverse engineering more difficult.