Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T17453A721924C097ED16347C0FD55F7383676A374F20A855EEF6C20722A8EED4BA6ADC4 |
| CONTENT ssdeep | 768:EoC8jPjyxENrItbGvTO060+eGxXykebR7HGq3333MR3333D3333k+F546abT/t:fjPOKB6GvTO060+eGxXyjbRKVq+FuT/t |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | f2e52d3994f40d29 |
| VISUAL aHash | c080f6f6ece0e400 |
| VISUAL dHash | 02018c8c8c098cf1 |
| VISUAL wHash | c2c0f6f6eee0e418 |
| VISUAL colorHash | 18000000180 |
| VISUAL cropResistant | ffffff9f9f9ccfc7,45464a47d377d7d0,fcfc7cfe9e8cc0f2,c6c4048dc46466e4,006489e8eea64000,02018c8c8c098cf1 |

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.