Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A68298ACE258A4635561C1E0D8AABBDB31408E45D7971E2047BCC173BEC9DAEDC073B8 |
|
CONTENT
ssdeep
|
192:p1g/ardoqapjPy56z8rnmiUL3droIRkBKa1qO1HoTKOiCieQa/X87iC9vy59sdGI:Xg/CTc656IE3aIYJa52cSpoGMc |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cbdd3c32dc28d12c |
|
VISUAL
aHash
|
383c3c3c3c2c0101 |
|
VISUAL
dHash
|
f1f1e9e1c8c903db |
|
VISUAL
wHash
|
3c7c7c7c7c3d0103 |
|
VISUAL
colorHash
|
320000001c0 |
|
VISUAL
cropResistant
|
b4b9ce848ee3939b,ba1b075b5b259dce,f1f1e9e1c8c903db |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.