Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F5D23071940A559F614BA7E0E2F5FBA7AA41CA05CA710F45C2EA4FCBEB50F10BA3354C |
|
CONTENT
ssdeep
|
768:YUzGxAN6tP8G9NXtD2RmMeCUY1IIjVQDodUFcE8DKkrFFBVtH0fTstkiAJb/Gt8h:JzGxAN6tP8G9NXtD2RmMeCUY1IIhQDoY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
95c66a1169fdf980 |
|
VISUAL
aHash
|
0034ffff7f0e0000 |
|
VISUAL
dHash
|
64ece632dadabab4 |
|
VISUAL
wHash
|
0034ffff7efe0000 |
|
VISUAL
colorHash
|
19401008040 |
|
VISUAL
cropResistant
|
70689890d8c8f00c,f0b4e583c0741e6e,abd3529299d9caad,ad5d59496d5352ad,dd737353537332a2,e2c2e060fcbcbcfe,29090e2e2ed699bd,2e2b89cccecbdbd8,5656565635a5a4a5,2d277a3aabcb092d,51536e66666ab1b1,64ece632dadabab4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.