Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T185E113E0C014EDB7435A85C5B7B16B8B7B91CBC8CB03094893F843AE5BCBC64DB155AA |
|
CONTENT
ssdeep
|
96:TkYXSzeFvMSfuSTCctutQ0SS8lWouwvFl9eBXOHFSeRX+z/hYLYfGJ:QYXSzeFdjWcktQ/WjoLYzZQuA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9ae5e558e50b18e3 |
|
VISUAL
aHash
|
ffffff3fc4001cff |
|
VISUAL
dHash
|
2232e9e9a9b9f9cb |
|
VISUAL
wHash
|
ffff3d1c0000183f |
|
VISUAL
colorHash
|
07600010000 |
|
VISUAL
cropResistant
|
2232e9e9a9b9f9cb,f52e3e356466e6f4,70618a0e66664646,4c6c6c2466523319,2345475bdba32b09 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.