Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18704B6E16E00267D4243CAFBDB271662F329E9F6F7529481C9AD83B44AD7C91F81F401 |
|
CONTENT
ssdeep
|
3072:oJMUlMcNdlba3QetqRrmcWFG9FDofKvJxl5Er+lsEKBMiUqRaDxetTafa7rSgiEb:YfRXkJaPzR6kcaW7uteupQ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b19acfa2658b3133 |
|
VISUAL
aHash
|
ffffc7c3c3c7ffff |
|
VISUAL
dHash
|
2a1c9e969e9e0c16 |
|
VISUAL
wHash
|
c3c7c3c3c3c3c3c2 |
|
VISUAL
colorHash
|
060000180c0 |
|
VISUAL
cropResistant
|
2a1c9e969e9e0c16,2d76469b37d99c56,6620232c342328e6,391bd33331397963 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 30 techniques to evade detection by security scanners and make reverse engineering more difficult.