Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16FF1FEF1C015ED3B436286D5A7B62B1F76D2C349CF02094453F883AF5BDECA0DA22599 |
|
CONTENT
ssdeep
|
96:Tkfm1DtSTBEWhUSPRr8v67TUvYSF/ICUlmVYXq5HlBqX4f4/wRNI7z7mSTyR:Qfm1DcVB8iSFbv35Tf4Hz7Dk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b4b443c333b84bcb |
|
VISUAL
aHash
|
c7c3c3c3ffffff00 |
|
VISUAL
dHash
|
8e9696968e610400 |
|
VISUAL
wHash
|
c3c3c3c3c335ff00 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
8e96969696680004,00a2a2a2a2a2a280,82a2a292a29ad3e2,058480e46ce084c4,888e696969b8f00e,0000000000000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.