Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T101936DF4A080FE22017350D770ABC60BB37E490FB92E4990F6DDC6D572E986A61376E5 |
|
CONTENT
ssdeep
|
1536:C87vZBlGPbTKFdgm7BKC+Tv1VrAxTYWzQ2N0msQw:C8bZSbM8CO6Vw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c54747b4b4b071d3 |
|
VISUAL
aHash
|
000000ffffffffff |
|
VISUAL
dHash
|
c4e3d236360e1d8a |
|
VISUAL
wHash
|
000000ffffffff00 |
|
VISUAL
colorHash
|
16000250002 |
|
VISUAL
cropResistant
|
78b33a3c70b062b2,321f32160e1c1b8a,9cc463e0e2c2c232,823aeacaca3a8a02 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 37 techniques to evade detection by security scanners and make reverse engineering more difficult.