Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DB03FF713243497FDACB92D6FA646E89E18AD35BC2139C48B7F24247DF82D64FC09660 |
|
CONTENT
ssdeep
|
768:V6J1D5x9WhoHhW/9ttPuejDg1He11KY2VZ7viJBJBse+fZHzaDbcduhsty0gKIBm:dMMVT2Oa2k |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9647ed6938933296 |
|
VISUAL
aHash
|
000006040400ffdf |
|
VISUAL
dHash
|
92e4cccccc4430b7 |
|
VISUAL
wHash
|
0006060e06ffffdf |
|
VISUAL
colorHash
|
3a000000e00 |
|
VISUAL
cropResistant
|
3ffce2d2e6b2a802,9ffcd2840cec0c7c,200030343034b6b3,9416ecccecccdc24,3d0d4c5f7565433f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 96 techniques to evade detection by security scanners and make reverse engineering more difficult.