Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T125F1ECF0D040ED3B435386D9A7BA6F0B76D1C749CF071A4593F883AB6BCAC60CA25599 |
|
CONTENT
ssdeep
|
96:Tk5nfzD71tDlt8v67McdwBtH92wvFYQeVX5HFFepXRX/ghyt66fq87YxJ:Q5nfzD715lt8iIGwB5e/KjX+yAaq87e |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e4e4139b1bc54799 |
|
VISUAL
aHash
|
f7d3f3d3dfffff00 |
|
VISUAL
dHash
|
0626262630400000 |
|
VISUAL
wHash
|
f0c0c0c0d0f0ff00 |
|
VISUAL
colorHash
|
07000400038 |
|
VISUAL
cropResistant
|
06262626b0000000,689668716c96e803 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.