Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T139D341307D62A826109F22CF9127570E62D2C3C9E6532BE5B6F4C3684BBAC54FFA3155 |
|
CONTENT
ssdeep
|
1536:Ph3sIx8zF8hKQ7T70diUmvanhSvZ+0YAxGRszEMY+pJG6PUi0+a02GcY79F:tY4RYAtY+ZT7T |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed39926e4b92661a |
|
VISUAL
aHash
|
fbcb8b9191f1ffff |
|
VISUAL
dHash
|
62123a33232730b2 |
|
VISUAL
wHash
|
808a888091f1ffff |
|
VISUAL
colorHash
|
07400000180 |
|
VISUAL
cropResistant
|
62123a33232730b2,cb933227a66dd91d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 556 techniques to evade detection by security scanners and make reverse engineering more difficult.