Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AA63D632D2491503A047C5C8F136D74A73528795CA138FB977FC17A9EACECF86A72298 |
|
CONTENT
ssdeep
|
1536:fDEabLxb08jfE5EVWVFB9HB4o/zJHmGT7yLPwLoGDeExnAQeyrxk222I2222222v:W8jgnVybwcExrxk222I2222222AXmgVo |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a976cf72f3d8008c |
|
VISUAL
aHash
|
e10133cf4341fb7b |
|
VISUAL
dHash
|
03abe39b8b8bb3fb |
|
VISUAL
wHash
|
c10133cf43437b7b |
|
VISUAL
colorHash
|
07400030000 |
|
VISUAL
cropResistant
|
03abe39b8b8bb3fb,1326668623233343,099964f131272b2b,1a6c2f1b0b632303,4b4b3198d8d08c4d,1326668623233343,3e92db4bd31a2b2b,256d4f7747596b23,1a6c6f1b0b632303,23274e4cce06370b,3d741c1e1693de4f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.