Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15A5387B180BDA53A41BE36C4A564F798B3A38307CF805FF513E862AC87C1E94ED5B459 |
|
CONTENT
ssdeep
|
768:CqyzQBH1D6eRT69QFU56eRT69QFUhKHzIb9hGmLw58/GqP/X/w8Ivv8+/8kV:VH4jQ2AjQ2hKHUb6k/HXqn8+/R |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e9941b1b966d381b |
|
VISUAL
aHash
|
00fbf1f3ff99f9d9 |
|
VISUAL
dHash
|
4c22334703333393 |
|
VISUAL
wHash
|
00fb91f1ff8181d9 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
483337471b333393,4060600000808000,334de3636b33777d,0135353135191905,4941397935393907 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4000 techniques to evade detection by security scanners and make reverse engineering more difficult.