Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BE73F99E6854602A472740F394BB2FC9F7391C2FF91815D1A4B8C7A1B2EC9F13166B4B |
|
CONTENT
ssdeep
|
768:6yWuPWH/y/u51RFLcG8n+CWj/ur2s1Z5RSL1nU9TH+9X8U3fcbs/2pkwdJB02skK:GMd45sLyOloQzZs8oWQbp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3752a65227722c7 |
|
VISUAL
aHash
|
c3c7c7c7c7c7e7c7 |
|
VISUAL
dHash
|
8e940c0c0c1e0e9d |
|
VISUAL
wHash
|
c3c3c3c3c3c3c3c3 |
|
VISUAL
colorHash
|
00000000e00 |
|
VISUAL
cropResistant
|
8e940c0c0c1e0e9d,9749495ad65b09ad,89eaa09595b51554,adac5453d5113169,d1d56e6c6d4d2636 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 694 techniques to evade detection by security scanners and make reverse engineering more difficult.