Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10B03B8B16640353D135391D6E714BE0DA3B1D1ADDB6B1A80A2F806BEABD3E70F43225D |
|
CONTENT
ssdeep
|
384:KzEBH6HrOjpK8FhIxRT4+wL2MPISAaJo0+zMigocnYAe8t/vRU05tPC:pH6LkgtRTk2YISAaJo0+Rdc5vt/5VY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d8a4e69a99e4d233 |
|
VISUAL
aHash
|
ffff001818180000 |
|
VISUAL
dHash
|
a4c40e32f9711024 |
|
VISUAL
wHash
|
ffffc0181c3cf080 |
|
VISUAL
colorHash
|
39202018000 |
|
VISUAL
cropResistant
|
00932424b4849384,e40832b179310420 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 935 techniques to evade detection by security scanners and make reverse engineering more difficult.