Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15E43342094069C2B06D372E0F9316BAAA5D14349CF170A4991F85FDDFFDADA0CD2D6E4 |
|
CONTENT
ssdeep
|
384:ff1lKiA/3Y5Kjglu3Y52AvnOiM5tQZMUkQluVJRx3lrft:fQ//RsvnOiMpcuVJRNlrF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d906f0790730cf5b |
|
VISUAL
aHash
|
00003c3c98d9ddfd |
|
VISUAL
dHash
|
94a3e8d453331311 |
|
VISUAL
wHash
|
00083c3c98d9dfff |
|
VISUAL
colorHash
|
31001200030 |
|
VISUAL
cropResistant
|
9c175753517bbbbb,494999db656b8cb5,245c5965652bab62,80809098e0a2b3b8,1b87611108040100,8ea1909ca492fa3c,94a3e8d453331311 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 46 techniques to evade detection by security scanners and make reverse engineering more difficult.