Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T100B2E7A511640B3D694386F5F398F268A06DC3AED3178068F7AD13B517CACD9F92E780 |
|
CONTENT
ssdeep
|
384:zJSf/Y4TNFbJDqavSsFDocDSOLxFum2NjaNcFt:zofHLLxxmo7PkaNcFt |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
98d32665897726dc |
|
VISUAL
aHash
|
183c3c1818001818 |
|
VISUAL
dHash
|
f0f0e9b2b26032b3 |
|
VISUAL
wHash
|
7e7e3c3c3c3c1818 |
|
VISUAL
colorHash
|
30202010040 |
|
VISUAL
cropResistant
|
292b52592b6a6959,1ce7efcfcbc35353,8000100b2b000080,f0f0e9b2b26032b3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 12 techniques to evade detection by security scanners and make reverse engineering more difficult.