Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10AE384F2E150102E43637AEBF1A57B0D7117E30ECD568D80A6E9C2A577F2DA097AB740 |
|
CONTENT
ssdeep
|
1536:DFIsM3yNlBl9lQNcKSezyFjaWHsR3LbtnX9fQlTW9:ItyFjHS7btnX++ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9382f8f2e8a9a6b2 |
|
VISUAL
aHash
|
ff3c3c3c3c3c0800 |
|
VISUAL
dHash
|
d8d4ccf0d4c4f033 |
|
VISUAL
wHash
|
ff3c3c3e7c3c0808 |
|
VISUAL
colorHash
|
30000030000 |
|
VISUAL
cropResistant
|
00205c4d4c100830,5474444cb55557aa,f0ccf0f0ccd4f031 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 167 techniques to evade detection by security scanners and make reverse engineering more difficult.