Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1618166326048582F5106C3D291FAB79FA9ABC106DF618F95D9F04FE6E5C0EA9F53210D |
|
CONTENT
ssdeep
|
48:LmyHyoo4QVIhX0TNTnTn/6aTNPmwNDxmwNV0KsLVgoi5qPN+DXf9yrtUtyCqP5AT:vHJo4nu/lDf05SlCmvQUtOeaa0k |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99b366cc33661966 |
|
VISUAL
aHash
|
18187effff181800 |
|
VISUAL
dHash
|
e0f0f0e8b2b2b2f0 |
|
VISUAL
wHash
|
183c7effff181800 |
|
VISUAL
colorHash
|
38000038001 |
|
VISUAL
cropResistant
|
e0f0f0e8b2b2b2f0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.