Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T139235A726732B8A843DF91DDF7383E46B2C2988DE8C74594B5C96A8D13C3C816197BB4 |
|
CONTENT
ssdeep
|
1536:ad+EsZ/8MdOCDaw4MqBIweMqBHwh82+/9dtyDieMvdhf/q42Yw+:aSWtwXwCA820D0jMPF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bb3bc46e6c843c94 |
|
VISUAL
aHash
|
818181818181ffff |
|
VISUAL
dHash
|
7959595941410020 |
|
VISUAL
wHash
|
81898d8181a1ffff |
|
VISUAL
colorHash
|
1b4010000c0 |
|
VISUAL
cropResistant
|
7959595941410020,0000000000010204,3cd8d8d858c8f8c8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.