Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T196D153B186118D3B20B3C3D4E2A5377922E1824ADA47022447FEC37D8BDDC59F93B589 |
|
CONTENT
ssdeep
|
96:TULdqBnVLXM+T2eYW/+X++fqTamZhn+xwZqvZ4AxTW5NPr:ALWnVL8e2YmOZBZhn+xwMv7xK5x |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cee6378e31991964 |
|
VISUAL
aHash
|
227c783c383c3c00 |
|
VISUAL
dHash
|
cee8e0f8e1617106 |
|
VISUAL
wHash
|
677e7c7c383c3c00 |
|
VISUAL
colorHash
|
38003000000 |
|
VISUAL
cropResistant
|
00201c4d4d4c3008,cee8e0f8e1617106 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 106 techniques to evade detection by security scanners and make reverse engineering more difficult.