Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T137C1B67461208A3F72479794F1A2675AA0EEC34EC8536A2CF76D51B637D2CE0891E092 |
|
CONTENT
ssdeep
|
96:aCxZuN8LqfvqdffHAUUzeaVmUQjQI5W86XR9XDiFUIeVKKN/kkFhaNhdkW:aCxZuN8KAHA1iacUQt6B9zW4l/5aNUW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f6d85c2389a6338d |
|
VISUAL
aHash
|
fcfce4ff7f67e7f7 |
|
VISUAL
dHash
|
000008a8d2cc8c24 |
|
VISUAL
wHash
|
f8f860343f2323e3 |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
000008a8d2cc8c24 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 32 techniques to evade detection by security scanners and make reverse engineering more difficult.