Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BBA3F1316304366F4237A8802D60BF99A1C3D36FC5134150596DAE698BF9FD1FA1E4BB |
|
CONTENT
ssdeep
|
1536:h0wynO1PebvovovZfXIL/nl9UwiEdBEfgTI8gH57ql7cykzrSxfVdnyOwLdmrHFq:h0wyn08IIZ/IacbON |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e592ca3f4c914db4 |
|
VISUAL
aHash
|
83e7e7c38381c7f1 |
|
VISUAL
dHash
|
2fcc4d16070f0f23 |
|
VISUAL
wHash
|
81e7e7c38381c3f1 |
|
VISUAL
colorHash
|
07e00010000 |
|
VISUAL
cropResistant
|
2fcc4d16070f0f23,0040515b5b554000,a9adade9e9b42d49,a8aaaeeee4b4b651,c604158903523b9b,c9494e96bb991313,4180008646a6a7a3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 629 techniques to evade detection by security scanners and make reverse engineering more difficult.