Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1ED633232D2831917A0ABC2D9B171470923658A4DCB974F7867BF23FAF9CFCB16612254 |
|
CONTENT
ssdeep
|
1536:EXrM2rMZ7J55yPUgOq6Y+fbP0ek/ABZRpWe59rU4pOtLMaKFGU6LQewe8sg6LWTU:QrM2rMhoPUgOq6VxZl59rU4pvGXgeRgu |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3346c6932cdcf32 |
|
VISUAL
aHash
|
00003e7e4678787c |
|
VISUAL
dHash
|
d654f0d8dcdad2d8 |
|
VISUAL
wHash
|
12027e7e4678787e |
|
VISUAL
colorHash
|
03000038000 |
|
VISUAL
cropResistant
|
d654f0d8dcdad2d8,24d293931696d3d3,f0b0b6dcecd4cc69,0000000000000000,72406194d555acbc,2bebcbf92d2d250d,b27168693933b3c8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.