Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1709246229457956F520AA6C0C2F1FBA7A953D50BCFB00FC5C9E88BC6D794FA1B533248 |
|
CONTENT
ssdeep
|
384:eeTpL30ilxOyHSG0NtsXJOcagvOy8gCOihgcObHgKO2VgQO4MgW5Ze+8L4kl8L4y:eeTpL3TSPt+OWO3OKOnOWOped4/4Cloi |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c14b0cae7ef4b3a0 |
|
VISUAL
aHash
|
00086cecf7ff7e42 |
|
VISUAL
dHash
|
31d1d8d88ccece86 |
|
VISUAL
wHash
|
00186cecf7ff7e00 |
|
VISUAL
colorHash
|
112000080c0 |
|
VISUAL
cropResistant
|
3068d8d0d8c9ed0f,f8f4e4bc9c1c4c84,9858bcb4f8f87272,6258ce90c6c7e7ee,6f2eb47cb8b931b3,3969d9dbdb9292a2,878787ab2e969303,cccccce6e6ececcc,79eadcb06343cc9e,43435351959d1426,31d1d8d88ccece86 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.