Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EEE3C8B0F16094BE41AFD2E2F3327B5AA2D7E306DECD02D6D2E947A805D6D64EC13056 |
|
CONTENT
ssdeep
|
768:NdEIQiGjG1W5vxDbya6gCWDRopuis/UdW3lJtA9hvvDP3EeOtg6tuxaVQ80+tuGE:bBzGS1QvofWghvvgtn0+TgCXFGZvezdI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b8454f411e926ded |
|
VISUAL
aHash
|
0000c3cfc3c3ef81 |
|
VISUAL
dHash
|
f0231f3c9b9b9823 |
|
VISUAL
wHash
|
0000c3cfcfcfff81 |
|
VISUAL
colorHash
|
16200018008 |
|
VISUAL
cropResistant
|
c000a068680000c0,231f3c9b9b9c9d23,103233c800e07169,a5a4353455135151,a2babc3138202139,d296505454535251,7d7f7fdcd47f7f73,4945545252141441 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 39 techniques to evade detection by security scanners and make reverse engineering more difficult.