Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T178126B71C5623177292B0AD6F5B1AF0EB9E3930DCA53481A93FCA7C65BC7D90DE11805 |
|
CONTENT
ssdeep
|
192:ZQ4KhqBnCe3yupeySruhVMgGMVAzfWyNHe5hQhRqUt7Jr1iO+8mYY7z7:qDh+nCe3yupetruhVMgGMVAzfWyNHe5H |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bc195947471f3c1c |
|
VISUAL
aHash
|
00cbc3ffffffffc3 |
|
VISUAL
dHash
|
f0bab21426a6328e |
|
VISUAL
wHash
|
00c3c3cbc3d3dbc3 |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
038180e4e480a103,1abab21aa6a6328e,300c30f0f0f03904,1780838286024a02,1632328696022213 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.