Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T188048430C190ED2706DB96FAF5B92F1B72D0862DCB031A0653FD929A2FCACF5AD12155 |
|
CONTENT
ssdeep
|
3072:f+rxx+O9ukYnoF0RcGK6XX8Ki5Sc3qK01Uu5vD5xbxTixr4w3T2k34NRgUVOl2X/:kxfFyK6XX815tuxgDvi/l |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
901246ee6151eaff |
|
VISUAL
aHash
|
ff040c00ffff0000 |
|
VISUAL
dHash
|
bcfcf8b82e2fd045 |
|
VISUAL
wHash
|
ff040c00ffff003e |
|
VISUAL
colorHash
|
060000000c1 |
|
VISUAL
cropResistant
|
84bcfcf878f8b8b8,da0e2e2b2f2c3308,c080cccccccc84c0,fcfcf878f8b8b89a,746469546150444c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 73 techniques to evade detection by security scanners and make reverse engineering more difficult.