Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B1F286705330593E019FA7E1E760AB7E92BFC781DA4797EEE39C4116278AC18CD436A4 |
|
CONTENT
ssdeep
|
384:cH1JGY1LQ6sSXfx4bxNxxx8QCYkox5Rx4Wxa3vxYvxEvxiy8QCWuo1:cVJGY1c6sSXGbN8D3em98WX1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c47b97843b6ad1c4 |
|
VISUAL
aHash
|
000060007e7e7e7e |
|
VISUAL
dHash
|
37c8c8c9e4e4c4c4 |
|
VISUAL
wHash
|
00607c407e7e7e7e |
|
VISUAL
colorHash
|
38000038200 |
|
VISUAL
cropResistant
|
7038342080000000,7038486080400000,89cc340200208b83,4018a4c598849140,37c8c8c9e4e4c4c4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.