Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19BA356BF21061E6F1143A0C1431CA679E782DA0DD789CA85B3F8C317F9D7EA1CE22995 |
|
CONTENT
ssdeep
|
1536:yqB81RUuQy80/fPETxhot70eNPZbi0bxpaO8pjR:+QyD/fPEzo+wpZad |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e850a696346eb6e6 |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
ccd38b1393282716 |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
03001000180 |
|
VISUAL
cropResistant
|
609090d3d5d79092,082165d19292d6d4,8480968e8e960080,c41a3b2723270017,8cc9d1d38b2b9393 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.