Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T127B2A77651D9EDB7119B81E57661D75F72A0EB80CC6703094AF2874E1EE3C8ABC18E0E |
|
CONTENT
ssdeep
|
384:e8z9WifIFsRM9IaaakaZlmg2C17uEyGu6yrO8EryAS90:ePif2IM9vaa1Ag267uE95yK8EEa |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9292e96d6d86919b |
|
VISUAL
aHash
|
fb0e2e2600203c00 |
|
VISUAL
dHash
|
93ecdccc92c8c844 |
|
VISUAL
wHash
|
ff3f3f6e00607c00 |
|
VISUAL
colorHash
|
38000600010 |
|
VISUAL
cropResistant
|
ffffffdf9f9fdfff,76ea640e0c6ffccf,93ecdccc92c8c844 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 42 techniques to evade detection by security scanners and make reverse engineering more difficult.