Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F93248728140566B424282D0D1F2BB4AF552C61DCE930E41D7F6CBDABAC6EECF83219D |
|
CONTENT
ssdeep
|
192:CFPhh0LhhLd5hhBwewu0fY02RZwQ99eYTcOGS9+bzOkUMjtVpkfEJyfE/:0ALHufY0uZ39guf9QNpkRE/ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a9a92235e0e6e6dc |
|
VISUAL
aHash
|
c309b9dbdb0024c1 |
|
VISUAL
dHash
|
963b2babb286d4b3 |
|
VISUAL
wHash
|
c309fbdbdb003cc1 |
|
VISUAL
colorHash
|
10000030000 |
|
VISUAL
cropResistant
|
f0d0dc7cfce880c3,365249099cc6dada,e0cce4c4e0e4f434,468ed9726ce99143,d92cc4e2b2bb1c1c,332bdc8d19e1c121,890b2c1999d9a929,3535554e6e4a54b5,2c2d27aa20a9a9b1,963b2babb286d4b3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.