Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E2A34DA2E2809E22157740C5F06FB25473A62819E79E0E50FA1CC9FF77DA46A137339D |
|
CONTENT
ssdeep
|
768:uVT0TQH7YFanruQGYjeCuPNpRrfH3i8ybtJrbnhsPCtPCQy55Vzc+b42NB2jIGr/:uSC2NpRrfH3i8ybHA3zQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cb19c46165e53dc6 |
|
VISUAL
aHash
|
7a3c3c0020007c7c |
|
VISUAL
dHash
|
d27971d0c8d9c4f4 |
|
VISUAL
wHash
|
ff3c3c3820207e7c |
|
VISUAL
colorHash
|
38000008011 |
|
VISUAL
cropResistant
|
d6d632929339dccc,d217170e272b2363,bc962e6fb4d4ccb5,f1cc8e9686ccccc6,d6e9cc8cccc8485a,d27971d0c8d9c4f4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 34 techniques to evade detection by security scanners and make reverse engineering more difficult.