Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18E725452F6026DA210BF0BC6A0036ADD50C906CFCB4949A995FD8BDCE5B2CF0795DB98 |
|
CONTENT
ssdeep
|
96:3Cr/N620lkylxN8UU7QU6TU5IZeINw5AH15Nga7pmEmqmPmcSAiHgmS8YKHPgmS3:S/kkO8Ub0AG81Zxj2my3wj0VoVXk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cdc73838c7c73838 |
|
VISUAL
aHash
|
0000007e3c000000 |
|
VISUAL
dHash
|
173333c4f0330e60 |
|
VISUAL
wHash
|
818181fffe9880da |
|
VISUAL
colorHash
|
00e00000000 |
|
VISUAL
cropResistant
|
988494d0d5848488,8244b2a2aa020002,173333c4f0330e60 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 686 techniques to evade detection by security scanners and make reverse engineering more difficult.