Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15333A3319001AA3B419385C9A375A31B77E3838ADBA34B84A3E8C39D5FDFC94DD27564 |
|
CONTENT
ssdeep
|
1536:UFdPKJrjylK2E6IOZuagHqI3ImJS2QgIYLQICeIkPksuGIyIhuBn1FsMRm:2BKJrjylK2E6IOZuagKI3ImJS2QgIYLk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f916adb2c18e6615 |
|
VISUAL
aHash
|
ff00000840c6fffb |
|
VISUAL
dHash
|
2f3031b9989c3293 |
|
VISUAL
wHash
|
ff00000840effffb |
|
VISUAL
colorHash
|
0e401008040 |
|
VISUAL
cropResistant
|
d02a2f23c86a9890,4c6ce470d8a9e4b1,29b399989c0213b3,000205d4d4d40304,903829b399999a9d,1f0d0d0c8f232264 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 19 techniques to evade detection by security scanners and make reverse engineering more difficult.