Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FAB20D23B200C86599EB09EDE7D4AE16141DE306FA329DCA72A491BFB7D0CF465447EC |
|
CONTENT
ssdeep
|
384:AM5VfqN9tf0dzwhkv5U5z9BYk9lt2lJg6ETUQnrVrfMmUFCo/+3sHby:9COWhkv5Oz9BYk9lt2lu6ETUQnrFfBU0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b038382a6f6d676a |
|
VISUAL
aHash
|
81c7e7ffe7e7ffff |
|
VISUAL
dHash
|
0f940f0c0c0f3306 |
|
VISUAL
wHash
|
81c3e7e7e78381c2 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
0f940f0c0c0f3306,ff7f7d3e3e7d7fff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.