Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B96243B02191AA7F01D786F1B3227FAF72E4C749CA5B9759B3F483991BCAC54DD10222 |
|
CONTENT
ssdeep
|
192:fjZWsUPya9IRclpfku0QYrdq0SgvKERUWO:f1mPIdq0VvKEWWO |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8c98b3e4db95a2b1 |
|
VISUAL
aHash
|
ff10181810320200 |
|
VISUAL
dHash
|
65a03860e0e666c8 |
|
VISUAL
wHash
|
ff181e3e38761e20 |
|
VISUAL
colorHash
|
31e00010000 |
|
VISUAL
cropResistant
|
0064606e6c7000a0,aa80c823b2808082,24287060e6e66e49 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 50 techniques to evade detection by security scanners and make reverse engineering more difficult.