Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EEE2EA31A800DD2A41CF9AD85676522A61FA8385D613029CFEF5C3F91BEFC6ECA73144 |
|
CONTENT
ssdeep
|
768:EsIx/j4IIeE6RSYrXz6RDYIXq6RESSz6pq6lo+wC25kUf74Q3H+K0Pm:EsIx0IIeE6MYrXz6tYIXq6aSSz6pq6lk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a409a537969fa6e1 |
|
VISUAL
aHash
|
3f0000000000ffff |
|
VISUAL
dHash
|
eeb2a3b0d4865700 |
|
VISUAL
wHash
|
ff00101f0600ffff |
|
VISUAL
colorHash
|
0f402008040 |
|
VISUAL
cropResistant
|
ce809e1edecf1f5e,16000000a4a4a524,aea2b3a9f4c4c657 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 32 techniques to evade detection by security scanners and make reverse engineering more difficult.