Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T102E28524BA50A93F01EB85DDF6352B16AFB08240D3925755E3F88BBD8BD6C54DC3268C |
|
CONTENT
ssdeep
|
384:5ExXdCAi8wF707p8sNbkDfKpoOFDS2YB1f6ttrQaY:6XCAi9FY1GbKpPDY1Sj0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3c53cb1f0c6c339 |
|
VISUAL
aHash
|
423078787c7c0440 |
|
VISUAL
dHash
|
96e0c1c0d8c86c93 |
|
VISUAL
wHash
|
62387c7c7c7c3c41 |
|
VISUAL
colorHash
|
300020001c0 |
|
VISUAL
cropResistant
|
cdc953767655d5c5,96e0c1c0d8c86c93 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 45 techniques to evade detection by security scanners and make reverse engineering more difficult.