Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A7A39897129821FE0122CECC83342F36B0EAA8D6D6471AE58EDD875927DEC44F53B953 |
|
CONTENT
ssdeep
|
3072:vUYeyyg6TbcrQHYaW2QAFggkQ9O04aFSmuUqxPu9S969V9K9a919T9l90eB:vUYqg6TMQHYGPkQ9OjnmuU+zeB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8c18f3e2ecccc3e2 |
|
VISUAL
aHash
|
ff0000001800ffff |
|
VISUAL
dHash
|
3afcf0b2b3cac404 |
|
VISUAL
wHash
|
ff000000ff00ffff |
|
VISUAL
colorHash
|
03000e00000 |
|
VISUAL
cropResistant
|
2050263638581800,737b6b4c4495c564,b080c09692b080a2,a2aa926b2b94a2a2,a2aa92abab82a2a2,a2a2a4b3a3a0a2a2,a2a8a4493b84a0a2,a28482497d8282a2,820a824a5ba642a2,a2aa86492b84a2a2,a0a482243482a4a0,00000c0c63032323,bafcf0b2b4b38be0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 935 techniques to evade detection by security scanners and make reverse engineering more difficult.