Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16731956060533B1BD353A5E1AE41FB1633C68242EA474B5097E4F2BBF0CDD109B643C9 |
|
CONTENT
ssdeep
|
24:h6CnwX72eYSU4dJaZ/G0V1u/3OjkJWwJfQSYxVl8j9uM0wqfUGEj2sheCEy:I7V/UoaZe0Vs/vWwJISihMKfcIo |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cccc3333d93133cc |
|
VISUAL
aHash
|
1818181818000000 |
|
VISUAL
dHash
|
323232b2b24c3000 |
|
VISUAL
wHash
|
d8d8d8d818383030 |
|
VISUAL
colorHash
|
380000001c0 |
|
VISUAL
cropResistant
|
323232b2b24c3000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 57 techniques to evade detection by security scanners and make reverse engineering more difficult.