Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12302853910185977166784D8E3A6770AB3A2CA29CB431E4576F8C35C2BCBEE7AC5235C |
|
CONTENT
ssdeep
|
96:HRtG97HbTFh7xIsMmq3QX1nGnSv3YEGw8RI885jR5CEoi4+Jmq5NXm4DCZc+LXCF:HRtibBxxIrVo1vOOsWt0ISRG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8362fe89017e7e83 |
|
VISUAL
aHash
|
010000007fffffff |
|
VISUAL
dHash
|
c1880dd0c0a00000 |
|
VISUAL
wHash
|
000000007fffffff |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
41d08088314d8c10,d0c0e00080000000,0105054545454585,0000081010100000,5050105050904040 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.