Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T139742BBC130116BDA06B87E5F950F39EA12FD298EA93CD4DF3ACC28127C6C98CD65594 |
|
CONTENT
ssdeep
|
1536:GUT0hdOc4NFfI/6P0rl1HoknsWiXgyqTHHPU2Rn2bI7WVKqhGwilP0rl1HoknsWD:7T0cPP0H/Rn2jKqhG1VP1ePlVUkb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
877a79346c646a87 |
|
VISUAL
aHash
|
803f3d003f003f20 |
|
VISUAL
dHash
|
2379c8c4e4d4d6d2 |
|
VISUAL
wHash
|
803f7f007f107f38 |
|
VISUAL
colorHash
|
180020000c0 |
|
VISUAL
cropResistant
|
9f9173fa1639b535,333b982d111aebcb,8b396f63d8ccc8e0,99970eecf2f8e869,7925bcf4e8d0f033,d84864f4c8c870b2,cc8ea68c6a64d4b2,9666457329a4f871,969696b299a8e4f0,1b5965641696d8a1,8b3b6f63d8dcd8e0,7925bef4e8d0e033,1e8c368ca896a861,2379c8c4e4d4d6d2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 38 techniques to evade detection by security scanners and make reverse engineering more difficult.