Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1649307F7D6C8A925F20377D1F0A1631612A7112EDF4AC9C8DBBC85B4A3D6C884C77992 |
|
CONTENT
ssdeep
|
768:rBnD33PnXCiW2p6kudS5WTj/J0FfAq2+gE88Fd9ABnD33PnXEv5goEgpmTnsqsKY:sO9tgoEgpmTnsqsSCF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f34352bd2d442cbc |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
90c8c4d23f1a3c2f |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
030001c0000 |
|
VISUAL
cropResistant
|
e1c9797979792cb9,d566269296929694,273e1923122c3c2b,846028c9ccd6d0d8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.