Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T189A283553B02016E5277A7E8BE90BF6A7CB3E74BB5698450E5BF77904EC3CA4E904430 |
|
CONTENT
ssdeep
|
384:eDj/w4txUAC86YHom0hrEFu43DOtbtpBAga/2gxa:eDs4txJZN0hYFGbtpGx+8a |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
953f85ea6ec06ac4 |
|
VISUAL
aHash
|
ff0e06000000ffff |
|
VISUAL
dHash
|
c8ba9aba788aaaaa |
|
VISUAL
wHash
|
ff0f06060000ffff |
|
VISUAL
colorHash
|
320000001c0 |
|
VISUAL
cropResistant
|
00c1c4c4c4c48140,dafe7a727a80727a,c0d2e2e4c4d4d474,40c0c47642572400,e2d2ea2cb26eac82,e2d2da4ca206a482,c0d0d626ab5fd480,0000000000000000,f8ba9aba788aaaaa |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.