Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F8810BB182528D3F90B383D197A6277A33E68288D94B025507FDC36D4BDDC55FC27689 |
|
CONTENT
ssdeep
|
48:bDXZzjE6x209EBZerru0TbJTCppD+qaY0oZOj02eYWeG+e2+eJfrfuTYoXfY10mM:5MBZ0LXMZp2eYW/+X++fqTamZhnF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cee6378e31319964 |
|
VISUAL
aHash
|
627c7c3c383c1800 |
|
VISUAL
dHash
|
cee8b0f8e1616904 |
|
VISUAL
wHash
|
e7fefc7c3c3c0000 |
|
VISUAL
colorHash
|
38003000000 |
|
VISUAL
cropResistant
|
08304c4d4d040800,cee8b0f8e1616904 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.