Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13013A67451DDA6BF2183C7E4CB32522A739AD5A5FA3746814BFDC7A89BD2C98CC03940 |
|
CONTENT
ssdeep
|
768:hubd2bv6r+69CnrPyAYhEAt2Sa7BLli0y0o8Oo80nQqy:yd2TaCPyPEAt2SaNp5nQqy |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8d11ba24fad54ed4 |
|
VISUAL
aHash
|
7f0818181210ffff |
|
VISUAL
dHash
|
f47372d6f6e6e63b |
|
VISUAL
wHash
|
7f0818381211ffbf |
|
VISUAL
colorHash
|
16e00008000 |
|
VISUAL
cropResistant
|
a4767b727272d292,f9f15961b1b671e1,dc3c7e7ef081c0c0,9676728676d4233b,991c9e34b69c1636,860976969e926002,078180a0b0b0b0b0,f4737270d6f676e6,5b97afdfbf7fffff,23331fc7c3d1d4d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 37 techniques to evade detection by security scanners and make reverse engineering more difficult.