Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1711203E0D044DC3B631385E6B7B62B5F7595C345CF020E9863F853BA5BDACA0C923A99 |
|
CONTENT
ssdeep
|
192:QfH7mohOlzH0X1nhYghyEjgSVz+ZhMIhhZEjQR:QfYQhY+yEU13MmhGM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fbd16ba694a4c4c4 |
|
VISUAL
aHash
|
0000ffffffff0000 |
|
VISUAL
dHash
|
5959d034aa2b6d71 |
|
VISUAL
wHash
|
0000ffffffff0000 |
|
VISUAL
colorHash
|
06000000e00 |
|
VISUAL
cropResistant
|
5959d034aa2b6d71,09041ada5ad9b99a,11aaea6a05200c32 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.