Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1851365315843E1454563E2D9BA90639DF163A24ECB7A044CD1FAA68BF3FFC648D232D5 |
|
CONTENT
ssdeep
|
768:dGWZAkJMxiVOxXxxIo3Tf593sksQwHeHjptfxYr0zd7ScpNDPN/bZdcsEJrLBM2i:ALkJMxiVOxXxxIo3TfbQeVwJrLW8TU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ddbabbc0c4c4a385 |
|
VISUAL
aHash
|
ff8880f0f0c0f8e0 |
|
VISUAL
dHash
|
195b4924a650d08b |
|
VISUAL
wHash
|
ff89a0f0f0d0f8e0 |
|
VISUAL
colorHash
|
07c08000000 |
|
VISUAL
cropResistant
|
195b4924a650d08b,1527078f0d096927,6963860903010101,60f030301111149e,723633330d1f9e8c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 26 techniques to evade detection by security scanners and make reverse engineering more difficult.