Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content

| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1B56124701214093E47174BE4FA70F72971BBE388C75FA40879ED03A667C6D45AC652E9 |
| CONTENT ssdeep | 48:Tx9cjv6/dkJWK6QBxGp/cZSV2G9/coQGVlG/cHKuv4FCGMJY:TrY6eGpkO2G9koQUskHtv4FCZJY |

Used to detect visually similar phishing pages based on screenshots

| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | aa3967edc02737c0 |
| VISUAL aHash | 01090d0dfd03e5e4 |
| VISUAL dHash | d3395939b1578dcd |
| VISUAL wHash | 018d0d1dfd03e7e6 |
| VISUAL colorHash | 00600280000 |
| VISUAL cropResistant | 36a7e7e76726be37,e0272b2b2f33331e,6cfd7d4c9c8c8d67,a0a02224090b0582,2969c4d8b8f8d4f4,3db9b1b1b1b4ce0e,d252d3da5b1ad9b9,d3395939b1578dcd,56b23b2634742751,1b58581918181b15,374d287571713135,0109090909090909 |

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.

Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.