Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T107C19163A555B93B6161C3D182F6B649E397C202DB504D83D3A80FDEAEC4FA1B133399 |
|
CONTENT
ssdeep
|
96:o96cJRVLzK2cXxWCRlH6csRJ6cNRtUeEP/8/PKj0T0dPJsc8AjUtKY6chFw5rHLR:sFJRlRcXxnRlHFsRJFNRtUHP/83Kj0Tc |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cccc663333cc9933 |
|
VISUAL
aHash
|
1818181818180000 |
|
VISUAL
dHash
|
f0b0b2b2f0f0e8e0 |
|
VISUAL
wHash
|
183c3c7e7e3c3c18 |
|
VISUAL
colorHash
|
38400010002 |
|
VISUAL
cropResistant
|
7173f03264f45859,f0b0b2b2f0f0e8e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.