Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18272E0B045C401776347DAE871A7AB2A76D08125D703AC04A7F416F9CBD6EA1DFD7382 |
|
CONTENT
ssdeep
|
96:FQaCe1lVpuIjqFsjGj2qrHqXIsrAFurAGZQrAgArJ/T2YWKdjokWwOTL/wpL6LVu:qaVpWAdsMN6YWKeZBn/G6LlFxlIxsmE0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a8c6859797c68597 |
|
VISUAL
aHash
|
ffc1d1c18b898181 |
|
VISUAL
dHash
|
b333b33333333333 |
|
VISUAL
wHash
|
ffc1c1d1cf898189 |
|
VISUAL
colorHash
|
06000400038 |
|
VISUAL
cropResistant
|
3333333333333333,70303232320c1012,7f9f9fcfdff3ff7f,31b2ccccccc4f0e8,4102706902000001,0d71718d69617969,f2b2d0ccd4dc9888,71584a4a4a4a4a4d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.