Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T139A263B09145887750E7E1D6B2769F2F31E2834AC9420604D2FED3B997EEDA8FE03465 |
|
CONTENT
ssdeep
|
384:zN18oEeetLyxV5/WCIKdQBJ/WSTneRxTi6Aa6jVilmbBlmSbMlm2uUlmkwBDp38Q:zN18oEeOmxV5/WaQBxWSTneLe6F6R8mj |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fe3fc934275111c4 |
|
VISUAL
aHash
|
81998181c7c37afb |
|
VISUAL
dHash
|
7371332fae9e9692 |
|
VISUAL
wHash
|
81b98181c7c37afb |
|
VISUAL
colorHash
|
18002000180 |
|
VISUAL
cropResistant
|
7371332fae9e9692 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5879 techniques to evade detection by security scanners and make reverse engineering more difficult.