Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FF1361725185AA3702A3E3E16736975FB3E5C249CE93124257F8C36D4FDBCA9EC22901 |
|
CONTENT
ssdeep
|
768:AriAriArA6SbsZO44VeUJPNeAExSgeeeoeee8eeeIeeejI9ZiPov3RGZH+K0PWF:BBkSf447PN0xSgeeeoeee8eeeIeeejIm |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
912eaed57b845178 |
|
VISUAL
aHash
|
ff1d0000007eff00 |
|
VISUAL
dHash
|
7161f0b01ad4f433 |
|
VISUAL
wHash
|
ffff1800007eff00 |
|
VISUAL
colorHash
|
020000001c0 |
|
VISUAL
cropResistant
|
949440696161608b,5aac240b8b1434b3,dcccd4c43b3b0723,0094939494949384,f2e8f0f0ac1ad8c4,0004323255514900 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 51 techniques to evade detection by security scanners and make reverse engineering more difficult.