Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DA3294B2E584186B1653C2F0AB61B7BEB1F68247D3030E3252FC236DDBC9DA3C856255 |
|
CONTENT
ssdeep
|
192:6nR32sJ5eIpfeFK81B9TkfYSVrHHfiHpCe:6RmXUfYShY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99b3679c4ae29a4a |
|
VISUAL
aHash
|
070f7f1f1d1f0200 |
|
VISUAL
dHash
|
1f9ed9d9b1b0bec0 |
|
VISUAL
wHash
|
0f0f7f1f1f1f0300 |
|
VISUAL
colorHash
|
30000010040 |
|
VISUAL
cropResistant
|
80a0a1f07830c2fe,803cc3c0dc2cc0fe,809c33b2b232c2fe,a09c0b131313c2fe,e03ccfc1fc2fe2fe,80bcb3b2c074c2fe,80b8c1c4fc3ce2fe,80b8c3c0fc1ce2fe,80b8c36269f906c2,1f9ed9d9b1b0bec0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 37363 techniques to evade detection by security scanners and make reverse engineering more difficult.