Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T189A13302E3161A193374C9C8A8AB33E0F266450AF6610A4D575DC37EF4CE97BB75239E |
|
CONTENT
ssdeep
|
96:TtPCTc98+hEQQ+vjOnk4YSTyfz4gUeNBBznazTQ/qMP34A6OTkVHRuE+IzE:RCTiXR7wR2fUgl3ir4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
eea0b18cceb1b1cc |
|
VISUAL
aHash
|
ff8181b9bd818181 |
|
VISUAL
dHash
|
4141456161454141 |
|
VISUAL
wHash
|
ff8181bdbd818181 |
|
VISUAL
colorHash
|
38001200030 |
|
VISUAL
cropResistant
|
4141456161454141,01010d6161050101 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 25 techniques to evade detection by security scanners and make reverse engineering more difficult.