Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T186C32321C6A41333D205078AE7DB7B56279BC1C7CCA2BCB8A1708175D7BAD891C77DA2 |
|
CONTENT
ssdeep
|
3072:R1K3rjylK2E6IOZuagKI3ImJS2gcIYLQICeIkPksuGIyIhuBn9zgh:rK7Q5IBf3Npgh |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c912ecb6c38b326d |
|
VISUAL
aHash
|
ff0008380040fbfb |
|
VISUAL
dHash
|
2e3159d9d59d3333 |
|
VISUAL
wHash
|
ff10083820e1fbfb |
|
VISUAL
colorHash
|
0f007000000 |
|
VISUAL
cropResistant
|
502a2f224a2a2535,1159d1d59dc31333,6e8cc94e6e8ccd09,5acce3f1bcee969b,00020c04040c0304,35315bd9d1d1958d,e6844c99336746cc,275dfd94dcdac2c7 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 52 techniques to evade detection by security scanners and make reverse engineering more difficult.