Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D1D309747206653B621303B1206A170F31B6B32EDD074D14F7B8E59F9BD8C95EC6BAA8 |
|
CONTENT
ssdeep
|
1536:HNF8lK3X0LSE0kystUkLx4TESLwsGSMBDLw1j90+1LmjzQ:QK3ySWyvTTTwsiW16+1b |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b5b54a4a6ba5c352 |
|
VISUAL
aHash
|
000e6f6702000000 |
|
VISUAL
dHash
|
ca16d6d64a7955d2 |
|
VISUAL
wHash
|
7f0e6f6f261c003c |
|
VISUAL
colorHash
|
38000030000 |
|
VISUAL
cropResistant
|
f0f8f4f4a4f4f9d3,ca16d6d64a7955d2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4719 techniques to evade detection by security scanners and make reverse engineering more difficult.