Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T101128631D3542618239E8255FB22D6DE734086A1C31D0FA96B79473FF89D2E4C93A6EC |
|
CONTENT
ssdeep
|
192:/9DeDUZAdud3z/HbU3GGSoSQIhBbXSbO9Irp+V80MB7M1x7JpjCgcHjbZi8Kk1tA:/HGd8/nGSXlbXSb/46l/IaI9hB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bc3c3d3c90c3c3c6 |
|
VISUAL
aHash
|
8181ffdfdfffc7ff |
|
VISUAL
dHash
|
3f3f273f3d3f3f2f |
|
VISUAL
wHash
|
8181838f87dfc3c7 |
|
VISUAL
colorHash
|
07000000180 |
|
VISUAL
cropResistant
|
3f3f273f3d3f3f2f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.