Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13F93B73511892F3F296382E167259359FB87CF15D753CA86E3F882677ACACD3C825860 |
|
CONTENT
ssdeep
|
768:i/HP1VvjDFeDTCVD7T1Uedt93Lll+sVHP1VvjDFeDTCVD7T1Uedt93Lll+sPRaVY:0RaQ0/veFi0qC9c774j0axmLj8Gq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c2506dbe969496bc |
|
VISUAL
aHash
|
00003c7e7efff3ff |
|
VISUAL
dHash
|
8ccbccd0cccc27cc |
|
VISUAL
wHash
|
00003c7e7eff81e7 |
|
VISUAL
colorHash
|
0e0060000c0 |
|
VISUAL
cropResistant
|
c8c8d4cccc23cc4c,8c86c9cbc0c8dcd4,4551253131394551,80ed252dedada2a9,01456171714d4180,a425440401dc8c9c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.