Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1629354E0842D69FA122746E69B50EB99E3E78392C76342A143E443445BCDE7CECEF05D |
|
CONTENT
ssdeep
|
1536:xRDstc2akbHsrWrXGrfrttmqDq1myDCMmqgqMmqrqimqpqkmq8qymyHCGmq+qcmq:lJ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed6c683923936969 |
|
VISUAL
aHash
|
81d3c3ffc3c3ffc3 |
|
VISUAL
dHash
|
2327231b0f172b0b |
|
VISUAL
wHash
|
81c381ffc383f3c1 |
|
VISUAL
colorHash
|
06201010080 |
|
VISUAL
cropResistant
|
2327231b0f172b0b,0000000031100000,e3d129838497161c,e2c70c7a72310707,e494e969d96ee307,ecccce43535e3d3d,b9dbc30489171d1f,96c0f8f07a793b0e,e97a72c5d36e0e3c,c9b1610187650f0f,7f3531754d5a6084,b684b0e1ca182467,050d0f0391b1a505 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 113 techniques to evade detection by security scanners and make reverse engineering more difficult.