Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10263EAE3131412BF2D6302E6DA45235FB3A5904DEF1252D4F4EEC1B8238BD985972BD9 |
|
CONTENT
ssdeep
|
1536:D8uOYwWxtvowNk8hTTssTVBn8dt3xSmDHj+qfwn:D8K/Xww5TsgVB833xSiKqfwn |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c141be3e3eea6131 |
|
VISUAL
aHash
|
000040000099ffff |
|
VISUAL
dHash
|
24d4d6d034717171 |
|
VISUAL
wHash
|
8260606000ffffff |
|
VISUAL
colorHash
|
02000000e00 |
|
VISUAL
cropResistant
|
5153b26caa6333b0,71cccecc8c92cc71,a294a22b1de680a2,3171cd610f71715d,26f4d6d6d2d01450,0000000000010180,8040404000404080,8000000000000080 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 946 techniques to evade detection by security scanners and make reverse engineering more difficult.