Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F1F333B1C0957A3F014393D366A12F5BF2A2435ACDA74705D3FA93EF8BC6D14D8162A2 |
|
CONTENT
ssdeep
|
1536:/43Fji/qcpdIVWgime2dXIUrpoHiOqFZY/OliceivElH8SgktpqwsFsSme7wKbcL:NpKVqdxtv |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
867169798e93392e |
|
VISUAL
aHash
|
0130003e3e003c3e |
|
VISUAL
dHash
|
47c2d464649e6064 |
|
VISUAL
wHash
|
f3fc003e3e003e3e |
|
VISUAL
colorHash
|
09006000000 |
|
VISUAL
cropResistant
|
ea4e4f93131397b6,adcddf9fda9e326e,adcddf9ffa9e362e,47c2d464649e6064 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.