Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T196D243B1A15565370767D3CD2E907B29FBC2429ECD874E0592E8D39D4FCAE92ED0120E |
|
CONTENT
ssdeep
|
768:ldF8g88kF0iJhTnXDtJD8dD94De6DC2DBhDY+//CrJT0e:Wg88kdJ9nXDtJD8dD94De6DC2DBhDdCl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b8e7b638c99292c9 |
|
VISUAL
aHash
|
ff83dfdf999f9f9f |
|
VISUAL
dHash
|
f016b0b033303438 |
|
VISUAL
wHash
|
3e801e1e991e1e9f |
|
VISUAL
colorHash
|
07206008000 |
|
VISUAL
cropResistant
|
f016b0b033303438,4555456969554545,59c5090101010101,4181010101010101 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.