Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15932B5B67064057F90478BCEBB97672E73AFE03AA1414C94BDFD86CAD716E82D253840 |
|
CONTENT
ssdeep
|
192:DNGJ9jpNe6rXkM40npDH+OWaiob2oDq733RKsteMGTH3Rs9kTxj54F81wyD9da4+:DMkv0pDeHa1t2eMmX+kXM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b14ccfb3cc62308f |
|
VISUAL
aHash
|
00000000efcfefff |
|
VISUAL
dHash
|
b272e4c49e1a9a60 |
|
VISUAL
wHash
|
00001060ffcfefff |
|
VISUAL
colorHash
|
03000000180 |
|
VISUAL
cropResistant
|
4b6a2a2a6a8ac7c7,e4c4c6189e9a1a24,b24e33b2d2a4c4c6,1919981811191313 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.