Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T138F4DE33421935260537C6D430B95B37D2AADE5FFAE70A010EECD7E62BEDCA0745A11A |
|
CONTENT
ssdeep
|
6144:W0N6Jfaq3h6Jla7l6JKWKZ6JYZaGLtcupy+LhNfen:W0vLYaCtcupy+LHC |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a353ec2cd492b9d4 |
|
VISUAL
aHash
|
ff00040c0003ffff |
|
VISUAL
dHash
|
3bc2d8d8e6d30b00 |
|
VISUAL
wHash
|
ff000e0e0003ffff |
|
VISUAL
colorHash
|
32001000180 |
|
VISUAL
cropResistant
|
0042302323500000,e0e0707070717061,888888aaaa8a8888,820080c0c0c08080,c0c0c0b0b0c0c0c0,f3d3cb33080d0000,1acac8d8f8e6d3db |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 45 techniques to evade detection by security scanners and make reverse engineering more difficult.