Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A714D6230258762A4037D3D02065DF76F7B6BA9BFB63CB0047E887B676F9C0C641A55A |
|
CONTENT
ssdeep
|
1536:ltqzP3UgQmTa3MZo+Hd1+R0/FOVdk2dFk6301tsPKWPw+A+xlshwt0p+z7+4VsBR:lti3OQf/FOVdrdFk63AOyb5SRXe9j |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8ad4543723b255fc |
|
VISUAL
aHash
|
661818210300d901 |
|
VISUAL
dHash
|
cc31326b2b232b2b |
|
VISUAL
wHash
|
66b898b981b9db89 |
|
VISUAL
colorHash
|
38250001000 |
|
VISUAL
cropResistant
|
2425e5645bdbd3d3,fef3f3f6e6ccf0c1,cc31326b2b232b2b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.