Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EFF113E1C044DC3B1353C5E6B7B52B5FB596C345CB020E9863FC52EA5BDACA0C923A99 |
|
CONTENT
ssdeep
|
192:Qe/7khOlzH0X1nh1ghmhf0E/R58gh4MQR:QehQh1+mhf0Yg+4n |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d5752a5f0a5d0e46 |
|
VISUAL
aHash
|
00e6fefefefefe00 |
|
VISUAL
dHash
|
aa8c8eb2a88aa2c8 |
|
VISUAL
wHash
|
00467e7e7e7a7e00 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
8e8ca2baaa92a200,a88c8ea2baa892aa |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.