Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T145431D70A404A93741CB96D55372476A72F68385CA630649BAF0C3BD2FEFC69CE77260 |
|
CONTENT
ssdeep
|
768:TI8LSG9cTcQsxnxgaJQQU+rOzf/3WYttO1sIx/jgUf79F:TIiccrOzfPWggsIxr79F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3113fc5ef11c265 |
|
VISUAL
aHash
|
01007c7c787c0080 |
|
VISUAL
dHash
|
7b0cdcc8c4c90231 |
|
VISUAL
wHash
|
05067e7efb7c0099 |
|
VISUAL
colorHash
|
38018000058 |
|
VISUAL
cropResistant
|
0a06552a0a4b4a35,6be5a553564b5a9d,8209d6672b29de22,a6840635350584a6,7b0cdcc8c4c90231 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 72 techniques to evade detection by security scanners and make reverse engineering more difficult.