Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11962A97258A849130E35D6C9ADB0371DDA92C5CED93349CAE2E4878F3BC3DA6D953360 |
|
CONTENT
ssdeep
|
384:eHgJ3EXT39NJCcs9/ouWkLyoOU4uJHp22qHISejCkLOeZ42BtPkkpy0f:hJ3ED3JCcS/ozk6XuJJ22eISejCk6eZX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9966611c9b63e4b3 |
|
VISUAL
aHash
|
0010303c1c181838 |
|
VISUAL
dHash
|
e8636629abb23272 |
|
VISUAL
wHash
|
0830ffff1c181838 |
|
VISUAL
colorHash
|
06600008040 |
|
VISUAL
cropResistant
|
0945158c8eb23236,e8636629abb23272,3908c0c456511405 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 24 techniques to evade detection by security scanners and make reverse engineering more difficult.