Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1483395352208193E62138A9DF2F47339626FC348C99B5959F7EE12F15BC3D86D92B2C4 |
|
CONTENT
ssdeep
|
768:NT9+RftbIlLSqPCDVBU/dwaXRHH0PIhg4puwcsJffsjCnatvMDVCXPS+YTHMDOB:NT8kCXPU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8393464c3c9e5b67 |
|
VISUAL
aHash
|
7c7e6f0f203c3c00 |
|
VISUAL
dHash
|
c1ccc979c3d0c4c4 |
|
VISUAL
wHash
|
7c7f7f0f203c3c00 |
|
VISUAL
colorHash
|
30007000000 |
|
VISUAL
cropResistant
|
c1ccc979c3d0c4c4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5404 techniques to evade detection by security scanners and make reverse engineering more difficult.