Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T162235A726332B4B843DBA1DEF7382E06B2D2998DF9C74694B5C9598D13C3C8522937B4 |
|
CONTENT
ssdeep
|
768:aJ+EsZx8/G8EyQ4lDawMMjBzwVMjB6CN2/y9dGDTDiJE56ITmH+LCBlvNPqDvKAq:aJ+EsZ/8EyzlDawMMjBzwVMjBXN2/y91 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b38b20dbc3a873cc |
|
VISUAL
aHash
|
efc3c3e7fee7c3c3 |
|
VISUAL
dHash
|
498e864d6848968e |
|
VISUAL
wHash
|
efc3c3c33e070303 |
|
VISUAL
colorHash
|
00007000000 |
|
VISUAL
cropResistant
|
498e864d6848968e,3d0d0d8de56d0d3c,acae5a51519b9b2b,35c9c91666e6b4b1,1d0d1dc5e50d0d38,acae5a51599b4b0b,3589c9491645e6b4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.