Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content

| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T14B81A633544A942F5216A784D2F1B79A9516CA46CEB01F90D6894FD7E4E8FB1B07311C |
| CONTENT ssdeep | 48:gGBY/FwCOXyFH1G0x8jJmTn/6aTN4mwNzomwN4mwNB0LXbvlXgVgo+oqPtzNOUTB:tK3OC9Ws/S5oaT01XLZJPe6VD6R6RO/2 |

Used to detect visually similar phishing pages based on screenshots

| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | f25a36d14a255a97 |
| VISUAL aHash | c4c4c5f1ece1e7e7 |
| VISUAL dHash | 0d1d2d0199834e4d |
| VISUAL wHash | c4c484e1ece1e7a7 |
| VISUAL colorHash | 0a400038000 |
| VISUAL cropResistant | 4b4b0ba94d856363,94ecc8c87393d199,cb8347dbcb4ff1bb,08324c4d4d4d0c20,2929898539159e1e,cccc8e9f1a1b9a19,a5a5a52826a68b9b |

The victim enters a username and password into a fake login form. The credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.