Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17834E8F8132059FCB9C2FAF6AB523525342284FBF70A5998C2B40D5C18C59ADCDE79D2 |
|
CONTENT
ssdeep
|
1536:wMFzFjDRGm3jfP20ueJvFzFjDRGm3jfP20ueaLC9/6p0ueD5Yz1IqtqXV7mUAlA0:lV1jizOqtqXV7mUAlANS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c4c43b3b572f5486 |
|
VISUAL
aHash
|
0072f67676020160 |
|
VISUAL
dHash
|
69b4e4eccc9633d5 |
|
VISUAL
wHash
|
0076f6f6fe460361 |
|
VISUAL
colorHash
|
01006000000 |
|
VISUAL
cropResistant
|
e78672384d68a989,4b6fe4d3d965656e,a2aeae985a5aaccc,6868ec44555bac8d,69b4e4eccc9633d5,212fa8b559759b7b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.