Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T118C3C6F4A2C2597D1793C3E0FB717E5F61AAA15ADB07860B41FC43AC16C2C89DC969C8 |
|
CONTENT
ssdeep
|
1536:KRFCB2YqcssztvGrrwOtv7ar/sReYsYkBSI8fKUGlSr/8Qh:0f |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
abb0844bd4ce5bb2 |
|
VISUAL
aHash
|
ff0000ffff0000ff |
|
VISUAL
dHash
|
009f8d5555535314 |
|
VISUAL
wHash
|
ff0000ffff0000ff |
|
VISUAL
colorHash
|
06201008440 |
|
VISUAL
cropResistant
|
009f8d5555535314,7f9e9ff973f8afe6,e026c4c4d4c4d054,1303c9555b59cd68,443a939791d8d554,64203020c69486c8,4c48848919a8c5cc,7c784a4b66646a4a |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 42 techniques to evade detection by security scanners and make reverse engineering more difficult.