Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content

| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1C9C1512FC35C135D0F4382F9779026BFAA59855C7B5A9DF028D4C46CB399E0640F1A9A |
| CONTENT ssdeep | 96:2a4slBhc/aYfWtuJXS3FRHdidrgADpMTAHhQq0qQFw25:DJhcTOtuEPsCApBQq0q5C |

Used to detect visually similar phishing pages based on screenshots

| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | b3529c6e4f8c1c93 |
| VISUAL aHash | 00000e0000dfffff |
| VISUAL dHash | 239998cecd338cb8 |
| VISUAL wHash | 000c4e2020ffffff |
| VISUAL colorHash | 030000001c0 |
| VISUAL cropResistant | 239998cecd338cb8,2cacacb6252c2c35,6d5fcdd8cc88a8a4,d99195c9c99e8b8b,e88e923323b28ee8,284698988ac7ce1b |

The victim enters a username and password into the fake login form. The credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.