Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T120124E339619860A5299C3C093E0B26FEB97D595CFA05E42E4994FDEFDC4FE0A523118 |
|
CONTENT
ssdeep
|
192:5FaN/vGUW50FHFYF2YLIS+2AOu9BqC7d7FyIZqI3ZqISZqIx:o/uUW5AoLl+2AOu9BqqdvZqI3ZqISZqI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c7c734187969cccc |
|
VISUAL
aHash
|
003c3c3c3c3c0000 |
|
VISUAL
dHash
|
5269696969715096 |
|
VISUAL
wHash
|
383c3c3c3c3c20ff |
|
VISUAL
colorHash
|
30400038000 |
|
VISUAL
cropResistant
|
c1b0c4c3a1e4c494,b8c8a49c24e5a4b3,3970d190e5cd8c15,2acc2b2b2b2bcc08,2acc2b2b2b2b0c0a,5269696969715096 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.