Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10A63D9F4D26484BC480FD3DA96316A5D339EACEDF9534A148BFC4B649753E98DB03888 |
|
CONTENT
ssdeep
|
1536:5XAU+wxFaPSXFDIiF7mcx6wkZZIRZuhkrF2iP8jcICOuPiZ5Qn7O0+0FTq0+:5gRIEkrlIJ0sW737FT1+ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bb3bd5c564648585 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
5979713923002727 |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
17406000000 |
|
VISUAL
cropResistant
|
5979713923002727,70b972c2e8b184c2,4041704b4b704100,7878f0f2f0b8a069 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.