Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12E23297186D913374AE203C1FB48DBA7FB9B819CD6506B9624ECC32D42C9C6CDC59A98 |
|
CONTENT
ssdeep
|
768:M4M015f5FbgX/TfIi/3Nr/Vf/8YK5RYfdDSPfl/BfLvFXfV/LqF+r4fFdevTvf79:lM015f5HiB/Vf/8YCRYfdOfl/BfLvFXJ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e56593929a3865c7 |
|
VISUAL
aHash
|
ffe3c181ffffffff |
|
VISUAL
dHash
|
e8c6860ed0dcd8d0 |
|
VISUAL
wHash
|
7e4000007e7e7e7e |
|
VISUAL
colorHash
|
07600000001 |
|
VISUAL
cropResistant
|
e8c6860ed0dcd8d0,3078580c1f199b63,6b3333232b89cdae |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.