Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FBE2F732E588AC23916745D9E4CEA6E5F2FA2148CF720DA0BF9CD5B9F3C5CD41632194 |
|
CONTENT
ssdeep
|
768:/hbXLLjbrCiW26kuhdS5WRLrkss/J0FZAthbXLLjbrkf+yEsdf5nd51Al:au8Esp5nX+l |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed4596ba134318be |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
92c6c6d636362f2e |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
03000007000 |
|
VISUAL
cropResistant
|
6d6d22b2b6b6b634,d4809aa6a680c0c0,06363103272c2426,c02096c6c2e6d6d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.