Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1BC827462FA021DA6006B0AC6B127B98E50C542CFCF5949F415F407EDF6F1CF0BA2A798 |
| CONTENT ssdeep | 192:4l0+4sJY/6RiqdwMwQcsmma18QZxE8yZq1vUqk:4RJ86EqdwlQcjmaLx8kUf |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | c9743cc3c33c3cc3 |
| VISUAL aHash | 0000007c7e000000 |
| VISUAL dHash | 333333c9c8233333 |
| VISUAL wHash | 918191ff7f011919 |
| VISUAL colorHash | 00e00000000 |
| VISUAL cropResistant | cccc8686868edcf0,e8949652d69696e8,00c028bcb6a66390,333333c9c8233333 |

Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 825 techniques to evade detection by security scanners and make reverse engineering more difficult.