Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C7742BBC130116BDB05B87E9F950F3AEA12FD298EA93CD4DF3AC828127C6C98CD55594 |
|
CONTENT
ssdeep
|
1536:sUd0hdOc4NFfI/6P0rl1HoknsWiXgyqimhJ86o6+3vV8oWVPzEG/9lP0rl1HoknS:Jd0cPP4hPo6+0PzEG1VPENPlKEQp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
877a7abc64646287 |
|
VISUAL
aHash
|
803f3d003f003f20 |
|
VISUAL
dHash
|
2379c956d4d4faca |
|
VISUAL
wHash
|
803f7f007f303f25 |
|
VISUAL
colorHash
|
190020000c0 |
|
VISUAL
cropResistant
|
9f9173fa1639b535,333b982d111aebcb,99970eecf2f8e869,8b396f63d8ccc8e0,7925bcf4e8d0f033,d8586cf4c888f1b2,ab28282a22292929,d252160761c89eb5,55d3d3a4d4666666,7b24b4f4e4d0f032,2379c956d4d4faca |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 38 techniques to evade detection by security scanners and make reverse engineering more difficult.