Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A7412E754510580F215789B1EC83B288D9FDE21FC9539EA4B7A811FA3BD2DE0C1A7231 |
|
CONTENT
ssdeep
|
48:TGiNRlG/XzUToXzUTlKrKAXzUEh+f553cNxQvHOFf+xSFfXHh0ZaIGSXLL:TG/XzUkXzUUXzUEQ53buNAkBSXLL |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a86068717279f4af |
|
VISUAL
aHash
|
0000ffffffffbf97 |
|
VISUAL
dHash
|
83879692e0475735 |
|
VISUAL
wHash
|
0000f3ffffff0101 |
|
VISUAL
colorHash
|
0e180008000 |
|
VISUAL
cropResistant
|
b69631c5c0477775,6083939393008084,672723333735354d,1955646464646e0a,6565652a2a2a6746,e6eced4bab2b1717,9919516366666614,73535b4b4b5b5a62,696d541414564e4c,62624a4a5a5a1818,252545696814968b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.