Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C634E7F8132059FCB9C2FAF6AB523525342284FBF70A5998C2B40D5C18C59ADCDE79D2 |
|
CONTENT
ssdeep
|
1536:wMFzFjDRGm3jfP20ueJvFzFjDRGm3jfP20ueaLC9/Kp0ueD5Yz1IqtqXV7mUAlAi:lV1zizOqtqXV7mUAlANg |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
84d43b3b5f2e54c2 |
|
VISUAL
aHash
|
0076767676020140 |
|
VISUAL
dHash
|
6994e4a4ec9633d5 |
|
VISUAL
wHash
|
007ef6f6f6460361 |
|
VISUAL
colorHash
|
01006000000 |
|
VISUAL
cropResistant
|
e78672344c6cac89,4b6fe6f5d96d6566,a2a280acac80aa80,c4b2b2c8746a6a74,6868ec44555bac8d,6994e4a4ec9633d5,212fa8b559759b7b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.