Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T167A317F6E6D8AD25F20377D0F09163562297526ACF4AC9C8DBBC89B4E3D6C884C73491 |
|
CONTENT
ssdeep
|
768:zRPbffnP/CiW2p6kuCS5Wlc/J0FfYa+2o088hdjRPbffnP/QCd9KBY9AZ99bk0ZD:xf/bKG9Ibk0Z0k8VXKaGX1XV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ac03329e7d537896 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
9fcfcfd7373a1c2f |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
03000000380 |
|
VISUAL
cropResistant
|
ffffffffffffffff,c6663696bab4a56a,17322013201e1c2b,df5f3fcbc54dd7d3,7fffffffffffffff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.