Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AC22983092186937928BD7C5F2E3935731C5830EC7576AA07FF833AE9BCACA5D958144 |
|
CONTENT
ssdeep
|
192:4esZgSY0spGBfhJS8RrN7s2vVGCTsrCEQdExNUhSPzxr:fPSY0JnocpQBCgroUa87x |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ba7a7e3a3a88a681 |
|
VISUAL
aHash
|
0081ffffe7e7ffff |
|
VISUAL
dHash
|
0f05a8b2ccccb20d |
|
VISUAL
wHash
|
00007f7f67677f00 |
|
VISUAL
colorHash
|
07000038040 |
|
VISUAL
cropResistant
|
0f05a8b2ccccb20d,4141452727454281 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 25 techniques to evade detection by security scanners and make reverse engineering more difficult.