Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T114A297B244D47D361316A3CB873BBB27B292D455C602E1C9C1D363AC6AAACD0DF5AD1C |
|
CONTENT
ssdeep
|
384:axMejzHvzJ6fiBneZnq7/fWuQmq0vzTKS4ayBNKxsvacNtm:a3HLhiNPx0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd3639e48633c693 |
|
VISUAL
aHash
|
02183c3c3c784818 |
|
VISUAL
dHash
|
e4b36860e4e4d2f2 |
|
VISUAL
wHash
|
3e183c3c3e78687a |
|
VISUAL
colorHash
|
00000000c00 |
|
VISUAL
cropResistant
|
9aa45b4b67378882,8d9bb1a7c2c2587c,786c168ce8ececdc,434c463af2f4c1c2,3c605cb8b8983133,9eb43868cc86361f,3b3b1b1b9836b7ab,e4b36860e4e4d2f2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.