Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T133530B704264D936C1628384F6F1579D2229A3CE97230FC8E7B4AA3BB9C79F8CD551D8 |
|
CONTENT
ssdeep
|
768:Q1UYDIzUcEUkUabCkGU0/oAfwkyGOZ6HvtVPu/XAN4BkpmXPwU6UUFFu6VUStw9P:QqicBhw4oaRO9rPF0FFVKKDU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ca69c3e2e3cae1c2 |
|
VISUAL
aHash
|
ff00181810003c7e |
|
VISUAL
dHash
|
c832b2b2706969c8 |
|
VISUAL
wHash
|
ff181818183c7e7e |
|
VISUAL
colorHash
|
300060000c0 |
|
VISUAL
cropResistant
|
02e8eb2b2a32a232,2dabe4ecc9495b5b,b5a5ab63844f7474,abb3524a52526869,c832b2b2706969c8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 500 techniques to evade detection by security scanners and make reverse engineering more difficult.