Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D11224E0D044DC3B635385E5B7B6374F7596C345CF020E9863F892BA5BDACA0C923A99 |
|
CONTENT
ssdeep
|
192:QUv7mohOlzH0X1nhvH7hv5C2PtggXzbdhvgyFhvbBQK:QUQQhvHdv5CyzTvb7vbT |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cbc1437b903eb4ac |
|
VISUAL
aHash
|
7828ffffff0000ff |
|
VISUAL
dHash
|
d8d0e5faab696995 |
|
VISUAL
wHash
|
0000ffffff0000ff |
|
VISUAL
colorHash
|
07000000e00 |
|
VISUAL
cropResistant
|
d8d0e5faab696995,2615454d724a3c34,1169695252521d3d,070b0b0b0b0b0b0b,8ecccce4a72e587c,353531353b33350d,1219e1b228506222,c0c894eaeab58a80 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.