Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A0533AE93711F3244E7302E640AF35163339B65F580C09E0E259D9A9E6B84FAB067FD9 |
|
CONTENT
ssdeep
|
768:FxYj4jQZIMCRAx88MLydkda9ewimFKRIl5c5CGa6kORY7HfvTpiWGMB8v5Wv+M4/:7QwQdeKp3zev0WyTaJDQU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b16dce9e24313366 |
|
VISUAL
aHash
|
ffffc3c3c3e7ffff |
|
VISUAL
dHash
|
4d209e9e8e9c1e0e |
|
VISUAL
wHash
|
00dfc3c3c3c7c3c3 |
|
VISUAL
colorHash
|
07018000018 |
|
VISUAL
cropResistant
|
4d209e9e8e9c1e0e,191edc18d1c78fc7 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 33 techniques to evade detection by security scanners and make reverse engineering more difficult.