Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F841977200889C375182D6C0ABFA327B65CED6158FA21B8153F4C36C9FDAFD4C832956 |
|
CONTENT
ssdeep
|
48:d7OYTNX/v/cr6vTHsZ/VZh1ojl3zGDJLUhH1v1e3uEw8ej:dTH5sJb8R3SLUvdWk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8341fd0d4fc00ff6 |
|
VISUAL
aHash
|
30687c7c3c3dffb9 |
|
VISUAL
dHash
|
f2d0c8c4e0f3b173 |
|
VISUAL
wHash
|
30287c7c3c1c3fb9 |
|
VISUAL
colorHash
|
06e00000000 |
|
VISUAL
cropResistant
|
f2d0c8c4e0f3b173,0300000100080000,5b692e16262737fc,03452535352d5919,e0606060703031d3,0a00424080970780,9cd276492f1b0a43 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.