Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15BD3A8B2422066BF128783F4BA71B72D6356E34ECAB74A89C3F8D56E5746DC1DC010E9 |
|
CONTENT
ssdeep
|
768:TJbVO9n6MivqpTOD7o1iOG5H5GrB1M2d9suUzRgiErTzXivALA:VEe7iiOG5H5GrB1jxUzRgzfivALA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
de036d38f665f018 |
|
VISUAL
aHash
|
183c3c3c3c1c00fe |
|
VISUAL
dHash
|
f07171617979b230 |
|
VISUAL
wHash
|
1c3c3c3c3c1c18ff |
|
VISUAL
colorHash
|
38200030000 |
|
VISUAL
cropResistant
|
abbbaba9a9899989,b0f2b8b0abb18b92,660a2a75ab37ac8d,cd20000000000000,a080b4b4a0040410,7093927068cccec6,259585c2329c6c65,f07171617979b230 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.