Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T180745C26E090643741E761F4F4F76354F9B33298D2098E0078FD9089B76EED89B73A99 |
|
CONTENT
ssdeep
|
6144:86Oz7JXfhXSN4VnZUYxB1jC0PkfeKpUOvJM:86QVXfhXSNx0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
96a96ad649f24996 |
|
VISUAL
aHash
|
ff1f1f1f1e0e0600 |
|
VISUAL
dHash
|
ac5dd4d454544c30 |
|
VISUAL
wHash
|
ff0f1f1f1e1e0600 |
|
VISUAL
colorHash
|
0e400038000 |
|
VISUAL
cropResistant
|
8c5dd4d4dc544c1c,b2b55936b2b8b1b2,82324d4d4d328aa2,a2a20a4c4c108d82,0000022725010000,edecee6e6d6ce545,4101013133110141,4151514141454503,35359092b0b49411 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 92 techniques to evade detection by security scanners and make reverse engineering more difficult.