Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C0F2C872426951376773C3F4F6803B3CF2A7820BDB568DC5F2A9C1CA1AC1D9A99523D4 |
|
CONTENT
ssdeep
|
768:WESGYgB95o4CEBTJIyd45Jc1dcCc2W0Yd+nwa+IRCnAdh5VdcvG9/UHdV7ZSd37R:uzstTPcvG9/Ur7Ze781urTA+ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bf6ac99194c1c13e |
|
VISUAL
aHash
|
ff8181ff87efff87 |
|
VISUAL
dHash
|
4b33337d1d4f6b4f |
|
VISUAL
wHash
|
818181ff0787fb87 |
|
VISUAL
colorHash
|
06000000c00 |
|
VISUAL
cropResistant
|
4b33337d1d4f6b4f,735752732316d219,33b280e0e0a08080,076971331771710e,95d6ccccc4c8c4d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 258 techniques to evade detection by security scanners and make reverse engineering more difficult.