Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A0E395F0E3826D360163A2D597E66B5573A2E389CBC306C956E583BD0FD6DB0FC490A4 |
|
CONTENT
ssdeep
|
768:yCxa2jKMBgJ5jMwwaIjiqa/6+5j4FaIjijas8/eBUojhOfAQlKOJ9TnT6HabANKt:yxfbJ5jC+5jGeBU2hOf70aRXLTsL0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99cd66236626b39c |
|
VISUAL
aHash
|
20183c3c18180000 |
|
VISUAL
dHash
|
4070707070506800 |
|
VISUAL
wHash
|
3c3c3c3c3c3c3c00 |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
4070707070506800 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 537 techniques to evade detection by security scanners and make reverse engineering more difficult.