Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16A625171924C5DBE5043C3E5DB25732A32AA92BCEF0B031183FD473DAAE2C59ED26195 |
|
CONTENT
ssdeep
|
384:w6CmaZWtBbWSWAW+VDz/nWxHmiLlWBCmaUR6cv:fCmQobVR3PuxeCm5n |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cccc66339b8c6699 |
|
VISUAL
aHash
|
1818181818001800 |
|
VISUAL
dHash
|
32b2b2b2b2103232 |
|
VISUAL
wHash
|
3c18181818181818 |
|
VISUAL
colorHash
|
07002008080 |
|
VISUAL
cropResistant
|
c4cce4e269c89999,ffffdeccccbffffe,32b2b2b2b2103232 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 59 techniques to evade detection by security scanners and make reverse engineering more difficult.