Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DC235B726722B8A843DB91DEB73C3D56B2C2589DF8C74454F5C95A8D23C3C806297BB4 |
|
CONTENT
ssdeep
|
768:aF+EsZx8/G8y4+DawKM2BFwAM2B0wZCN2/y9dGDTDiJE56ITmH+LCBlvNPqDvKAZ:aF+EsZ/8F+DawKM2BFwAM2B0wcN2/y9M |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
be3ec1c97b90944a |
|
VISUAL
aHash
|
8181818181ffffff |
|
VISUAL
dHash
|
5b4d450d15400000 |
|
VISUAL
wHash
|
8101010181ffffff |
|
VISUAL
colorHash
|
160000001c0 |
|
VISUAL
cropResistant
|
5b4d450d15400000,00000000081e1c1c,863f86a6a6a6b643 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.