Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1405272377054C12F4E9792ECF6D4A299A19ED285F730C956E6F4803FAB91DAC24303AD |
| CONTENT ssdeep | 384:NvzTXGzBiAsadJ5i6iri+3fxRCeovQiIqCHFNBqYfMmUFCoLZ:NvzfAsQG6irDto1IqmfBUseZ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | ba3acd6c28c5cc33 |
| VISUAL aHash | 8181858585dfffff |
| VISUAL dHash | 232b2b2b2b3b363e |
| VISUAL wHash | 818185858587ffdf |
| VISUAL colorHash | 0e206000000 |
| VISUAL cropResistant | 232b2b2b2b3b363e,a8898979694989a8,416ccc8cacac8c6c |
The victim enters a username and password into a fake login form. Credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.