Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11382C9509011180E9073B1E4FDE1EB5B7353835AC3470AA8D6F9BA1AD6CFFA41D631A7 |
|
CONTENT
ssdeep
|
384:XMczQWeB+6Rc2b/wGK+TvK01H+a35JSs5ZB5wW:XMcPAwt+TiWeS/Xth |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
83777c495d632349 |
|
VISUAL
aHash
|
00ffe7ffffffff00 |
|
VISUAL
dHash
|
4808cdc9f1e9412c |
|
VISUAL
wHash
|
00e765657d3cff00 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
4c4ccdc9f1e9616c,0000004141408000,00080e0f0f000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.