Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18FE221B0D2508D3F00ABE2C6D7307B5B72E2928ADA57470207F897799EDBC95EC13499 |
|
CONTENT
ssdeep
|
768:HJZx85eVMNAzhtzsJNJzo1zz8vzqCzui72zCW3zCPwbcbzlTaHSQ6wFUPL4cudO6:j8fxF/XqQByqQ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e94d621646736d4d |
|
VISUAL
aHash
|
00fbfbefff83cbff |
|
VISUAL
dHash
|
4d121212203f1b23 |
|
VISUAL
wHash
|
008bdbebbf8181f1 |
|
VISUAL
colorHash
|
07000000640 |
|
VISUAL
cropResistant
|
1612121a203f1b23,0023034b4b030300 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 9 techniques to evade detection by security scanners and make reverse engineering more difficult.