Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content:

| Algorithm | Hash Value |
|---|---|
| TLSH (content) | T16323C832A482753F71635397B231AF1A33B6D606DA57170862F9C35B5F97DA0CC2228E |
| ssdeep (content) | 1536:z44ImXZl59bgn1MjGXZl59bgn1MjnjtyMC1x9X04I+/nUqNsFaevyGn7n:g3k9kED8n |

Used to detect visually similar phishing pages based on screenshots:

| Algorithm | Hash Value |
|---|---|
| pHash (visual) | 8c84371ff260cd37 |
| aHash (visual) | 001b7bff181800fe |
| dHash (visual) | f4b3b2b2b2b3f1cc |
| wHash (visual) | 001f7eff181810ff |
| colorHash (visual) | 18400038000 |
| cropResistant (visual) | b834c6c6479393e3,5696f2ea7261e9f1,b6e7e2f272f77e9c,0000000000000000,f4b3b2b2b2b3f1cc |

The victim enters a username and password into a fake login form. The credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.