Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A3B1C831410D973E80C61291FF62DAAAE297C16CE307C7746AEC831A47D5DA4D92B3B0 |
|
CONTENT
ssdeep
|
96:TPmAvB0EM9moc7aq82t+jvH5AQcAn9bSkow5WeGip91O/:DxxDVvtXtAn9bSkBWePDM/ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
936c6d9366699364 |
|
VISUAL
aHash
|
00181818243c2c3c |
|
VISUAL
dHash
|
30b270714d4d4d60 |
|
VISUAL
wHash
|
1818183c7e3c7e7e |
|
VISUAL
colorHash
|
30010200280 |
|
VISUAL
cropResistant
|
5d6d5d6d5d5d5d57,3535353535353535,0008101010080000,30b270714d4d4d60 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.