Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CB34E8F8132059FCB9C2FAF6AB523525342284FBF70A5998C2B40D5C18C59ADCDE79D2 |
|
CONTENT
ssdeep
|
1536:wMFzFjDRGm3jfP20ueJvFzFjDRGm3jfP20ueaLC9jtp0ueD5YB1IqtqXV7mUAlAA:lVhUiBOqtqXV7mUAlANW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
84c43b3b573ec4ca |
|
VISUAL
aHash
|
0070767676460340 |
|
VISUAL
dHash
|
6c94e4acec863fd1 |
|
VISUAL
wHash
|
0076f6f67e660361 |
|
VISUAL
colorHash
|
01006000000 |
|
VISUAL
cropResistant
|
c9cdd9c9e9d1c9dc,cf8672344d6dad89,c4b2b2c8746a6a74,6868ec44555bac8d,6c94e4acec863fd1,aad4a6a655a2d4aa,212fa8b559759b7b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.