Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12943A53453082E3DA94786A0F3A5B728937DD2D4EB1F946CF2BC41621BC6C68DD6F690 |
|
CONTENT
ssdeep
|
1536:nNcVnUnEn/nXcVnUnEn/nXUVnUnEn/nXSKeZw8GizQJ:nkqC |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8e465171703873df |
|
VISUAL
aHash
|
003f3f1f0f071f1f |
|
VISUAL
dHash
|
9e6169b7fffef2f0 |
|
VISUAL
wHash
|
003f3f1707071f1f |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
2436e6cb1d5cd6d7,9e6169b7fffef2f0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.