Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19A63C5750252292F91AB07D0F6A1F33C50BFB799E68BC55AA2FC41623BCDCE465123E4 |
|
CONTENT
ssdeep
|
1536:SgAv9szVVAaa+LACK9szVVAaa+LACK9szVVAaa+LACKniocbwvYglCkaaCItf/VE:sZtftIkTY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c1683ba2cd972e1e |
|
VISUAL
aHash
|
4040007e7a6e6e2e |
|
VISUAL
dHash
|
9190f0d4d4ccdcd8 |
|
VISUAL
wHash
|
4040107e7e7e7e6e |
|
VISUAL
colorHash
|
39c00000000 |
|
VISUAL
cropResistant
|
d9913131a3b2e6ce,d3c1f4eccc983694,6068684868893131,70f8f073f2dc9d67,ff7c6cccc48098b8,b1b13094aeb5961a,9190f0d4d4ccdcd8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.