Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FE93D77051A1E5BB4093CBF0E731EB67B38AA2D9CAC3464582E8C34E5DDFCA6DC06564 |
|
CONTENT
ssdeep
|
1536:wTp52WizEwML8wkZWgAdpc4T9tpYYyfSBuB/BbB3BcB+BKBHBzBoBsBtBhB/BYBT:wkYLMZvUpc4THpYYm |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b94d1ec667124b36 |
|
VISUAL
aHash
|
04c3c3c3d3ffc783 |
|
VISUAL
dHash
|
4d333b0b36332d3b |
|
VISUAL
wHash
|
04c1c3c3c3ffc783 |
|
VISUAL
colorHash
|
07600018000 |
|
VISUAL
cropResistant
|
4d333b0b36332d3b,2059a5a3b3b14920,c0202020202020c0,78e86969495c1c2f,5c58d8d8d8d8cbeb,642619c065212343 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 768 techniques to evade detection by security scanners and make reverse engineering more difficult.