Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T159537273214AA9352597828AA3303F49B258ED46FB72F9D061E1025DEBF4F12D423DF6 |
|
CONTENT
ssdeep
|
768:V44pPYvUY4S6rgTziO0SSjK+6gbi2FKkarsV4cXPOixjyn/dGDatdlW1zxaJMysf:V44pVykyNql |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
81f0bda5c58f2da1 |
|
VISUAL
aHash
|
7f40417c63030f0b |
|
VISUAL
dHash
|
a69499c8c4d7dbfb |
|
VISUAL
wHash
|
7f42597c67010f0f |
|
VISUAL
colorHash
|
10400038000 |
|
VISUAL
cropResistant
|
df2b12143434160c,bef0c59ba6f0f637,aea4ca6a64ca95d5,9bf8ec6c0b070d11,1e73e7dcd2ac31c2,38e2c0b855685010,529296b6a6cbb6b2,a69499c8c4d7dbfb,a0cad38627234845 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.