Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T113A33CA43A58F6665AF34393109F1503B379553B580E4D20A350ECAE72BCC9BA077FDA |
|
CONTENT
ssdeep
|
1536:7gDYRqL79RpX6fboQoCo2h2wV9Q/oDtVPTMn56QfJuBrupq8P:APpXexMAQgDnAfMruB |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
87f4f800f817f8f0 |
|
VISUAL
aHash
|
3f3f3f3f3f3f3f3f |
|
VISUAL
dHash
|
e86e6b6beae9686b |
|
VISUAL
wHash
|
00233f3b3b3f3f01 |
|
VISUAL
colorHash
|
06000038000 |
|
VISUAL
cropResistant
|
686e6a6beae9686b,e4c48c83cc3833d4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.