Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T102742BBC130116BDB01B87E9FA50F39EA16FD298EA93C94DF3ACC28127C6C98CD55594 |
|
CONTENT
ssdeep
|
1536:OUd0hdOc4NFfI/6P0rl1HoknsWiXAuq7DzXM6LHlCr85X8+dkWVA4QGzxlP0rl1A:Dd0cPPwzPLHlB5s+VA4QGtVPY9PlSEUZ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
877a7c65623c7885 |
|
VISUAL
aHash
|
803f3f003f003f20 |
|
VISUAL
dHash
|
4b69f0d0c8d0f2c6 |
|
VISUAL
wHash
|
803f3f007f343f32 |
|
VISUAL
colorHash
|
180010000c0 |
|
VISUAL
cropResistant
|
972a8f51fbcfd757,73cde64aecececec,8b396f63d8dcc8f0,99970ee8f2f0e869,7925bcf4e8d0f033,d8c864f4c8c870b2,6d498d892926c68c,a733194c44e0e2e0,cc8eb68c6a64d4b2,f2d286a7a1e8dab4,9666457329a4f871,7b24b4f4e4d0f032,0e9c169cac96d861,4b69f0d0c8d0f2c6 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 38 techniques to evade detection by security scanners and make reverse engineering more difficult.