Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DB049573C00A94FB0A974E8062AC672EB24B9019CE4D1F9166FFC2485FEBE50FF55616 |
|
CONTENT
ssdeep
|
3072:FKzL1hD0fc9ci+6pah+4rwhO23QsbD4HIbfydXMeesvZT9XTVlJnt5:FKzL1hDS6pah+4rwhO23Qsf4HIbfydXV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c95b26db34363265 |
|
VISUAL
aHash
|
00f8f8f8f8fcff03 |
|
VISUAL
dHash
|
d9f2424202019696 |
|
VISUAL
wHash
|
00f8f8a0f8f8ff03 |
|
VISUAL
colorHash
|
0e008080600 |
|
VISUAL
cropResistant
|
71d2414202019696,e0dc2f212b26d2e8,400080d8dc230000,1771ccd6d4e47117,191c564b43d1193c,181e466343919d1c,514933b3b3134d51,2745416161794547,0759796951514d47,17474d55496d6941,ed1d296913031303,176161796961454f,3f32792f33336371,131d5d4379797944 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.