Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EEE172B4A780BB3B119783C6E7AAA73773E58686D581014286FEC3880BF5D90EC47E55 |
|
CONTENT
ssdeep
|
48:zPRBDPKTrHqbgnHLBimq8c6Squn75eahxkE/pqbgn3A1qHCOtqKZLLK97xK2QhTx:DRBjKHrBQ6Mt5L2Imh52AecWGqA9e |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed6d92c3cc92921b |
|
VISUAL
aHash
|
fbc1c1d1d1fbcfff |
|
VISUAL
dHash
|
6313133333033826 |
|
VISUAL
wHash
|
b1818181d1f387ff |
|
VISUAL
colorHash
|
07200000280 |
|
VISUAL
cropResistant
|
6313133333033826,c48a982329179696,ec7213392d2d9de4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 188 techniques to evade detection by security scanners and make reverse engineering more difficult.