Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T127935331D729397B40BAD4C1AA2647ABB3B3F50AC5830651A7FCC35D6BC4D48ED1293A |
|
CONTENT
ssdeep
|
384:K63IuUivmRT64O6Nu/exNkNFZ+MST6Jbkifqk3uWoLjkZssLitBr/tdyGLCuCr/K:/ILe4O6NlQ+zYkzkeZL54yX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e363959c4e189ccd |
|
VISUAL
aHash
|
e7e1e1c1e1ffffff |
|
VISUAL
dHash
|
4b4b0b0b0b30170e |
|
VISUAL
wHash
|
a181e181e1dfc3e7 |
|
VISUAL
colorHash
|
07601008000 |
|
VISUAL
cropResistant
|
4b4b0b0b0b30170e,3f3617d73737e7e5,074b47c3c2c64666 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 58 techniques to evade detection by security scanners and make reverse engineering more difficult.