Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T176038531A158993AE19782E5E7A233BF31F7939DC54E0114D2FD83B85BC6D89EC2B190 |
|
CONTENT
ssdeep
|
384:UkZYQEuyTnAkFX2p0xOSMKIFWfbQiRRbXcLbtvgUdSIfVwLy1nyQmN3yrkLTR:UkZYQS2WxO1xU2ByQmQrkfR |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
83d53c3d52aa55a3 |
|
VISUAL
aHash
|
80707c3c68200b01 |
|
VISUAL
dHash
|
1c42c8c9d8c67b71 |
|
VISUAL
wHash
|
c6fa7e7c68403f01 |
|
VISUAL
colorHash
|
38000000680 |
|
VISUAL
cropResistant
|
1c42c8c9d8c67b71 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 114 techniques to evade detection by security scanners and make reverse engineering more difficult.