Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T175322F32A449B93B1287A3E49B31638B7392C356CD631B1263E5E75D8FD6D47CC84217 |
|
CONTENT
ssdeep
|
96:JODdxHXoOjP1xVzXX3fFCGgOeKLoqXNS/wTAP1xVzXX3fFCGgOeKLoqXNS/wTq:8D/HX37ZzXfZLLoqXU1ZzXfZLLoqXUZ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec13ece4136c92e6 |
|
VISUAL
aHash
|
00000000fffff3ff |
|
VISUAL
dHash
|
9c69711038272323 |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
33000038000 |
|
VISUAL
cropResistant
|
0330272723232700,9c844a696932b2cd,0151aa2e2971cc21 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 674 techniques to evade detection by security scanners and make reverse engineering more difficult.