Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15FF102388088923687D362E25B246B8BF5A6C365CB1B0A052BF4537D89FCF55ECD5B90 |
|
CONTENT
ssdeep
|
192:O1CZJ2AFwc7gTX242k2H2k24T28212t2d2G2v2/2AH2Z222H252z8To:u0tw06X7fgLtTbe8gl4u5o748q88 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c0ede082938fbdb8 |
|
VISUAL
aHash
|
ff60003c44747454 |
|
VISUAL
dHash
|
c480a2f4b8acaca8 |
|
VISUAL
wHash
|
ff70506c547c645c |
|
VISUAL
colorHash
|
38000400058 |
|
VISUAL
cropResistant
|
8000000000000000,c484a2b4a8acaca8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1796 techniques to evade detection by security scanners and make reverse engineering more difficult.