Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C003B735529CB2BF2183C7E5CB72566A739B91A4FA37424153FDC3A8ABE2C99CC07540 |
|
CONTENT
ssdeep
|
768:Edexbd6tlpSqlnJPBYoaAt2So71ywbjx1+K7JXKIAcOQ9:Edehd6tKqbPBaAt2SoBzx1+K7JaIPOQ9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8d11bae4fad44e94 |
|
VISUAL
aHash
|
7f0818181210ffff |
|
VISUAL
dHash
|
f47372d6f6e6e63b |
|
VISUAL
wHash
|
7f0818381031ffbf |
|
VISUAL
colorHash
|
16e00008000 |
|
VISUAL
cropResistant
|
a4f67b727252d252,dc1c5729085a21a1,dc3c7e7ef081c0c0,93909c9db69cb6b2,e67672c676d4233b,8205284c4d4c3004,078180a0b0b0b0b0,f4737270d6f6e6e6,5b97afdfbf7fffff,23331fc7c3d1d4d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.