Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BEE11C783922497B27570A9634709F9F71CFEB49C953A555A2FC82A2AFC6CC4CC19A30 |
|
CONTENT
ssdeep
|
96:guzfZC+kP/8Djsa4xbs/jqBDjqWG61o/3Fa0h3aNK4uabMZ999+P+q+F5:/fZCn38DjGwjODjBG61agsB+B+F5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b2181c76761c36b7 |
|
VISUAL
aHash
|
00dfffffe7e7ffff |
|
VISUAL
dHash
|
391410200c0c3000 |
|
VISUAL
wHash
|
00df08e7e70007ff |
|
VISUAL
colorHash
|
07000000e00 |
|
VISUAL
cropResistant
|
00232b3b2b230022,b490304d4d0c0800,000a517151500800 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.