Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13323C861820571620B7E4BF4F87D42171287699FF8B2A0609E7AF7E634D3FB5AD1E108 |
|
CONTENT
ssdeep
|
768:aj5sp31urzravUedngJJHqqZjispgNmzUWE+GnIWnIjiD99jifIAaizyH6sSHy1t:aj5sp31urzravUedn+JHqqZjispgNmzm |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c027ba98dc65635b |
|
VISUAL
aHash
|
ff2f0000feffffff |
|
VISUAL
dHash
|
805d4ae6b480a080 |
|
VISUAL
wHash
|
7f250000207f7f7f |
|
VISUAL
colorHash
|
06006000080 |
|
VISUAL
cropResistant
|
805d4ae6b480a080,e1c0a4d0ea72381c,7860d2d4a99183c7,f0c0b2a0a0a2c0f0,335dccccd496b261,e069b296d4ccccd4,1c9d1c9c9d9c8e46,073161c4ca603107,0c7161c8c861710c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 78 techniques to evade detection by security scanners and make reverse engineering more difficult.