Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T185F1DE29128B6A7F40C7C6F2E31117A5E2E4C3C4DA17774AEAF483D91BD9D60CD4A360 |
|
CONTENT
ssdeep
|
96:1WU5riPGDJ28aYO51GFoKnrHiWF0u0eRzaRKfF72rqMb85AokJTdgzHKTzDTC6Vl:1lJMYOArI8YvSyl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
997966661919ce6c |
|
VISUAL
aHash
|
000018181c3c1800 |
|
VISUAL
dHash
|
31ccb2b2716996aa |
|
VISUAL
wHash
|
00031b1f3f3f1f0f |
|
VISUAL
colorHash
|
00003000180 |
|
VISUAL
cropResistant
|
a080686b7578d0a0,a280686b6568d0a2,a2c0686a667890a2,4d4526664e471539,31ccb2b2716996aa |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 58 techniques to evade detection by security scanners and make reverse engineering more difficult.