Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1610374B2D2245D3B1257C2C257743B9FE9A2D18BCEC3069AEAE4D3984787DD3E913205 |
|
CONTENT
ssdeep
|
768:OwndcHrFq/MK6+dfflefxF6yGJ8J2UJDYg6HDMbj6uxjlD+Y0gQpgN9iTrF2iRb:xn9UcPjH08F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fe41b6b6043e117c |
|
VISUAL
aHash
|
e7ff0000f8ff9f81 |
|
VISUAL
dHash
|
ec8b012060292723 |
|
VISUAL
wHash
|
06ff0000f8ffbf81 |
|
VISUAL
colorHash
|
0f600010000 |
|
VISUAL
cropResistant
|
000004c4c4040000,0808088888898181,60607c392d27332b,00a404e4e41c0403,8181882031202060,3929252733232be0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 940 techniques to evade detection by security scanners and make reverse engineering more difficult.