Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T181B244B241C55DB70087A3D0D533072AB3A622E1FB6B470647F8CB4D9EABD98CC56867 |
|
CONTENT
ssdeep
|
192:GNs++GABXELib+brmVvqq7tqW5BMB8x6PacLlOojQHcVl88Ry+y54ViYWUhpA/FD:GN6NBXELiy/Y+nPacL4t8gjB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fd40a3b6a2329d99 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
4cf0f0d40b2b2b2b |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
1e000000180 |
|
VISUAL
cropResistant
|
14005c5cacac0004,88132b2f172b2317,e0c8d0f0f0d0c0c0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.