Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CE448471A061E53B4E47AAF0F562575F72C3E34FC54347D6E2F987A91AC6CE2B822108 |
|
CONTENT
ssdeep
|
6144:Z8cmj5rZVs+xjCQ/0Ikr4krC8rjGDQ/5tqILO0Et/k8VIxoaHhK38FSis/Buy+xt:Es+xjCQ/0Ikr4krC8rjGDQ/5tXLO0EtK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
81b36c4f363c7962 |
|
VISUAL
aHash
|
007f7f7f0e183800 |
|
VISUAL
dHash
|
ccd8deded8f2f3b5 |
|
VISUAL
wHash
|
007f7f7f2f383800 |
|
VISUAL
colorHash
|
0e006000000 |
|
VISUAL
cropResistant
|
d4d4b4b6b2b4f49e,4e6e76b6ac4c54cc,ccd8deded8f2f3b5,23a1c74b33656165 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 45 techniques to evade detection by security scanners and make reverse engineering more difficult.