Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E453C970A044AE3310C3D2E567382B4BBAE58286CA93075DA7F9C38D5FDFD45CD62A19 |
|
CONTENT
ssdeep
|
384:A8444WDGDaZ/kDCa40Kx/K8uK30VQI9zyQTx1R2m2ZsJRU1bxiS:n4440GITxC8uK0O0rF2CU3iS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a55a5aa5c8a57a5a |
|
VISUAL
aHash
|
0000007fff430300 |
|
VISUAL
dHash
|
330096a6b6966606 |
|
VISUAL
wHash
|
000058ffffff1f00 |
|
VISUAL
colorHash
|
39e00000000 |
|
VISUAL
cropResistant
|
02f82f2323273ff0,292964645b713903,330096a6b6966606 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 9 techniques to evade detection by security scanners and make reverse engineering more difficult.