Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12F836522D3431503A0ABC5C8F1774B4973518A89CB174B7977BD23BAF9CECB57622298 |
|
CONTENT
ssdeep
|
1536:H4aNu3sreeqs0eekKPUgOq61eI9TQR0eKUee0Bczy1QCYCC6UEO7zzUwjkh4Wquy:BUPUgOq6ueHFTFxDRk222I2222222pYB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b4cbc669309396cb |
|
VISUAL
aHash
|
fff3ffc7c3c3c7c7 |
|
VISUAL
dHash
|
caa2c49ea68e8e8c |
|
VISUAL
wHash
|
7ee37ec34242c346 |
|
VISUAL
colorHash
|
03200030040 |
|
VISUAL
cropResistant
|
caa2c49ea68e8e8c,9192a2b0a8a0a2b2,633369f1222e3626,ce5665d7d6d55656,9793d64569827171,4f43712c30306060 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.