Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T138234A726332B4A883DB91DEF73D2E46B2C2989DF8C74554B5C9568D13C3C816287BB8 |
|
CONTENT
ssdeep
|
768:aD+EsZx8/G8m4RF4CDawBM7BgwlM7Bfw9r82+/9dtZkDieE565ThHEnnvdhfePqR:aD+EsZ/8mSOCDawBM7BgwlM7Bfwh82+X |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e9163469b486e3cb |
|
VISUAL
aHash
|
0000fffff9f9f9fb |
|
VISUAL
dHash
|
abbc47235b5b2b0b |
|
VISUAL
wHash
|
0000dfffe9e1f981 |
|
VISUAL
colorHash
|
06c00010000 |
|
VISUAL
cropResistant
|
08e2eb6bae9cbc3c,8e8e4cad59490e8e,1b2f235b5b2b2b1b,eb6ba69c9c3c3dfc,5fce2fe369178e4d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.