Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19E04A6F1D240E73EB103D1276DBCC848E3A59B09EBD98B94A2CCDC5985CD91F467DA88 |
|
CONTENT
ssdeep
|
1536:Wcfj/XNdlPJTo+CC7bDZs0UAUDQY32bIQZTq/C3NftHtveH3Nfvdttau/pEAxPRQ:Wc7RK+CSDZs0UfN32r4dQACj |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b17d039cf10a3772 |
|
VISUAL
aHash
|
67a3c3c1da1f3f67 |
|
VISUAL
dHash
|
cd4e0a931438edcd |
|
VISUAL
wHash
|
2783c3c0da1f3f07 |
|
VISUAL
colorHash
|
03006000040 |
|
VISUAL
cropResistant
|
cd4e0a931438edcd,4937da49015d4d59,41bcb3a4a4b33c41,470f176b67532114,1bbb6a5db5b59d6d,686137554525257a |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 194332 techniques to evade detection by security scanners and make reverse engineering more difficult.