Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19D829562F6512C6214BB07C6E1176A9C90C207CFCB4A4AF57CE4479FE5F2CF0A65DA88 |
|
CONTENT
ssdeep
|
384:HCZUOU4C/s/pQHmU+RJqKMDm6VlY9p5ZrAf2hFbbYbHxdQbF4xMQqV:ad |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b96c6c93926c6393 |
|
VISUAL
aHash
|
db818181ff818181 |
|
VISUAL
dHash
|
33333333e82b3333 |
|
VISUAL
wHash
|
db8181c3ffc39981 |
|
VISUAL
colorHash
|
000001c0000 |
|
VISUAL
cropResistant
|
33333333e82b3333,28a8a6d314c4c8d8,3aa64a4cadc69614,402985d312404040,4832b4ca48544000,82928aca92828282,145ad8d19a02a9b2,b2b232c8e0696969,9290946969323269 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 686 techniques to evade detection by security scanners and make reverse engineering more difficult.