Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1106182375111881F2112D610FDC3B248E4A9E30FC9157D98F7A8A1FA3BC2EE4C43A622 |
|
CONTENT
ssdeep
|
48:biNGrUUWvgTVgu3LBdwB1SB1AEgTVgYgTVgulNrNKrjh9NaN4J5A39m+HQFfhxSi:bPUIlYcEIKrFxA3TwgdAR4AL |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a87062595939f6e6 |
|
VISUAL
aHash
|
0000f7ffffff83ff |
|
VISUAL
dHash
|
82a686b2b2475725 |
|
VISUAL
wHash
|
0000e3ffffff8101 |
|
VISUAL
colorHash
|
0e180008000 |
|
VISUAL
cropResistant
|
868632f2c8577765,0082929292008080,23a60415a5a73a5a,656565092a2f6766,a4eced53ab2b3317,9a9953434a475404,72525b4b4b495a60,e9695595b5d5ce49,e6e2eb4b5a5ab9ad,a52545697414ce2b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 15 techniques to evade detection by security scanners and make reverse engineering more difficult.