Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17A53753292965C139097D2D9F1708B0E3381C785CB134B6563F957BEBECACB6AE1129C |
|
CONTENT
ssdeep
|
1536:ppiZZ9Q91+1s3CBc1z1WP1gvCl171w1gx15a+XI7DyeeeewyeqeMeeeeHIeeee0t:e0Es3rRW9gvkZKgz012JQXUYiSp6YQSO |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
926ccd3233c98eb6 |
|
VISUAL
aHash
|
7911784806466e7c |
|
VISUAL
dHash
|
aba3e38aad9dd9d9 |
|
VISUAL
wHash
|
71307c4b47476c7c |
|
VISUAL
colorHash
|
02000030000 |
|
VISUAL
cropResistant
|
646c3066da393060,d8ce89898daa8bcc,d9cda8a8acaca8c5,d8ce89898daa8bcc,4a092c2e0cda8cc8,d8ce88898daa8bcc,d8ce89898daa8bcc,d8ce89898daa8bcc,d8ce88898daa8bcc,aba3e38aad9dd9d9,3d741c3e1693de4f,97c56931f1e1a0ac,4b437198d8d08c4d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.