Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17844F8B5931C756F204B8BC8EE727634E36F95B8B57A82A08E5FC7700587CD4EA1B850 |
|
CONTENT
ssdeep
|
1536:o3q30Z31avIX5s7xi48dv5/+PXiM46y5qYN39YB2i8eeSy8AHr+8iANw2KJi2gcs:oaEZlaf8ZGmZwyXdT4Xvac6x7LOU+o |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b44b4b34c3bccd34 |
|
VISUAL
aHash
|
0000ffffc7c7c7df |
|
VISUAL
dHash
|
cce1231f0f2f1d2e |
|
VISUAL
wHash
|
0000ffff838787c7 |
|
VISUAL
colorHash
|
0e000038000 |
|
VISUAL
cropResistant
|
e8c1e9e9e9e9d4b7,17221e0f2f1f1d2e,c4dcd4c986e9e9e9,77f7f7d4d4f7f7f7,8c6ee4e5ac9aded9 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 63857 techniques to evade detection by security scanners and make reverse engineering more difficult.