Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11BE1B96F930827391B2101B4BD0C22EAC737461D73A14B5669F9C13C769AA576D352CF |
|
CONTENT
ssdeep
|
192:vnoxOTPhwW4TVtf3nbg5FSPHZOiltyhZSyNUZK4u:vnoxO7hwW4TVtf3nbgDU5OiltybMI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d159ae669149ce36 |
|
VISUAL
aHash
|
00000068060077ff |
|
VISUAL
dHash
|
9424d1dacec4ce7d |
|
VISUAL
wHash
|
4600086a6e70ffff |
|
VISUAL
colorHash
|
31400000180 |
|
VISUAL
cropResistant
|
80b8ce64ba5c2e17,80f08fa498a18618,204c8c2463e00131,948c35dadacec5e2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.