Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A6C34BB07208B5661AB383A360AB2612F33D950AD40F4C747350D9AD77ADCD7E127BE6 |
|
CONTENT
ssdeep
|
1536:w4DRGkXbeTVq53QlHxh8N6R8XXhjaPnQWT+Fukpc:r1ZXqTj/mN6yXt1VS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c63b389479c6c639 |
|
VISUAL
aHash
|
00007078787e3000 |
|
VISUAL
dHash
|
9400e4c0d0c4e409 |
|
VISUAL
wHash
|
4200747e7e7e7e50 |
|
VISUAL
colorHash
|
386000c0000 |
|
VISUAL
cropResistant
|
f0c380989880c3f0,2c2c3a1a1a1a1383,a0cac082cac0caa0,33332baaaa8ecccc,6969c8cccc8c9686,e09c0ef8fc0e1e80,a08ac0828ac08aa0,609c8e189c869c60,3333b2aaaa8ecccc,fcecb02626d87cfc,9400e4c0d0c4e409 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 25 techniques to evade detection by security scanners and make reverse engineering more difficult.