Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19032CD21E501919B1137D9D0F550BE0CA69EF30FD28A85A4B9F806E5AFE7DF4B8231E4 |
|
CONTENT
ssdeep
|
192:m+o4uFwlA96OJ1hNP/WTM5UnUNgl3NWTM5UnUxglyNWTM5UnU6glNNWTM5UnUPgb:VYTYYTNFPW3Y |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b36664cc66663399 |
|
VISUAL
aHash
|
e7e7e7e7e7e7ffe7 |
|
VISUAL
dHash
|
4d4d4d4d4d4c0c4d |
|
VISUAL
wHash
|
c0c0c0c0c3e7c3c3 |
|
VISUAL
colorHash
|
07200010400 |
|
VISUAL
cropResistant
|
4d4d4d4d4d4c0c4d,c9ddd4ccdcd4c464,4e0e064661989292,6d7b5753d3c90f8b,ecc88acccc8ac8d9 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.