Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B2C2B6275318B67F1A6782D14708631FF552908EEA1743D0B1EEC26CB39AEB055B27C7 |
|
CONTENT
ssdeep
|
384:tDo48lJCMKI+xCSvoSfMtW/xeeYhiwUxBFu7HJktt31T3KlEQdd:KUvDCraMtW/x2zU87Jkb31T6yQv |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ac6bcc396c236479 |
|
VISUAL
aHash
|
81c3c3c381ffdbf7 |
|
VISUAL
dHash
|
232b0f0f2b3b3386 |
|
VISUAL
wHash
|
8181c3c381ffc3f3 |
|
VISUAL
colorHash
|
07200030000 |
|
VISUAL
cropResistant
|
232b0f0f2b3b3386,0484242321440400,3731a9aa8245330f,110930b2b2081101,0005050505050500 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 932 techniques to evade detection by security scanners and make reverse engineering more difficult.