Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A841FDB165A59D3B5AD3C2E277E0A72B37C2C28AE4C7070103FA976D0FD9E6ADC59401 |
|
CONTENT
ssdeep
|
24:hRCDOvXwbWE59K1dcA0mgo50IhAIWuqfBpR/2xJMVagMVGQEAEtp4suzIVES:6sXwSuKh0mgmpADfapb7EtpzuzIVz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d999316666cc6666 |
|
VISUAL
aHash
|
183c3c3c183c3c18 |
|
VISUAL
dHash
|
7171707069717130 |
|
VISUAL
wHash
|
3c3c3c3c3c3c3c3c |
|
VISUAL
colorHash
|
39003000280 |
|
VISUAL
cropResistant
|
62668c0e714d2b2b,7171707069717130,6170c85555d4d403 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.