Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DEE22B33E5849D33D26352D2F14566D19BE9B258CBE24F70BE9C80B9F3C1CE9193A168 |
|
CONTENT
ssdeep
|
768:RX15llN1FCiW26kutS5WCM/J0F7ZNVX15llN1FkQ5IdAx7ygbdl:xdZ7IdAPbdl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fc454ebc30431abe |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
00c2c0d036332f3f |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
03000000038 |
|
VISUAL
cropResistant
|
d90929a6b4e4ce33,d4c48086a680d4d4,2636310b332c2f33,800030c2c6e8d6d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.