Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1649208732250663E64A782FEF622F3A971DAD14ED1238694A3FE13B21BD3C95D721740 |
|
CONTENT
ssdeep
|
384:fgG8RtM/CKzjKfKGhtMvSgaCIdN0cBGakQa4lP5pE4L2NjaNcFK:fgFbKzjKfKETgaCI/ZZp5CmkaNcFK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
930bec2cb4ee45b2 |
|
VISUAL
aHash
|
ff0000000000ffff |
|
VISUAL
dHash
|
32f0d8d858782f3c |
|
VISUAL
wHash
|
ff082c0c0c00ffff |
|
VISUAL
colorHash
|
32000000e00 |
|
VISUAL
cropResistant
|
20002023235400f0,a8a8a8a8a8a8a8a8,c2c2eac2c2c2cac2,0000202c2c3c3008,70f0d8e8d8d8d822 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.