Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10E03327050406A770283E1E1A7349B5FE2E1D285CE272B09DAF5C36D2FF7D64EE96224 |
|
CONTENT
ssdeep
|
768:d6BM8kJvQbQAQNQA830PHJqpFcqK6+Zmhmm+QFZJJgApDrt:QBMnJvQbQAQNQA830fJyFc+dDrt |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c8d52b27562955ab |
|
VISUAL
aHash
|
00ffffdef80001dc |
|
VISUAL
dHash
|
02f8f0b4a5d493b5 |
|
VISUAL
wHash
|
00ffffdcfc00015c |
|
VISUAL
colorHash
|
0b000e00040 |
|
VISUAL
cropResistant
|
596578735456b638,8209806d2dac4080,0010080c0c100000,0051a2aaaa550000,02f8f0b4a5d493b5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 29 techniques to evade detection by security scanners and make reverse engineering more difficult.