Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T195F274A1118D28BF0106B097DC087A0D79E355FEFF7B535216B8697F36E2438CA6D229 |
|
CONTENT
ssdeep
|
384:XLxGyu7ZacYKc+nm5GWccOOEDx7SwN2RT5JqDN8Rszgq95v7j0iwsPy:9K9pccwOOEDxWOST+588R5v7Aiwz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c06beb946ab494b6 |
|
VISUAL
aHash
|
ff0000007e7e7e00 |
|
VISUAL
dHash
|
35c0c400f0c0c4d0 |
|
VISUAL
wHash
|
ff2002007e7e7e78 |
|
VISUAL
colorHash
|
3a003000180 |
|
VISUAL
cropResistant
|
4049408d8d000200,407171717d464644,c1c4c400f4c0c4d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 41 techniques to evade detection by security scanners and make reverse engineering more difficult.