Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B4546471B0F121372A6B2CEBF578774911A2C31AFB5606C4B9BA03B817D7C9768074AD |
|
CONTENT
ssdeep
|
6144:rF1ezjDvaKrIrnrIrlKAjkpQJTlZ7T727+7uICCNP+FOB97ktIoZGKkNakkZKqFT:WvL2r2lKZ8THPgYuIpNW8BloZUj01MXS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ef4b1715414c65d6 |
|
VISUAL
aHash
|
00a1b1d1ff939fe3 |
|
VISUAL
dHash
|
d069279715573657 |
|
VISUAL
wHash
|
008181d1ff93ffc3 |
|
VISUAL
colorHash
|
07401040000 |
|
VISUAL
cropResistant
|
8282c2d2d2828282,6369271717573657,d0d9e8d8c00aa20a,3f2d3d3b333bc6c6,846c68c86933534f,397971313133337d,6969fd39b9c90db5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2635 techniques to evade detection by security scanners and make reverse engineering more difficult.