Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T149D3BACC42E299DFAE9782C891D145E838436C1D6FF0F175ECBE405FA4AD68484D2A3B |
|
CONTENT
ssdeep
|
1536:aXH17slElOlEl81X1bxLxdLtIXnecwVMjBewEMjBZYOMjBnv82+/9dtyDieSvdh0:a3nFwRw/Yf820D0jSgGG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
88aabe97d0e0f989 |
|
VISUAL
aHash
|
ff1f034008080000 |
|
VISUAL
dHash
|
6c73938cd25244a0 |
|
VISUAL
wHash
|
ffbfdb5c1c0840c0 |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
0800080c0c000803,6896ba4d6db2dc69,3764a6a242979e9a,617b938cd212c4a0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 155 techniques to evade detection by security scanners and make reverse engineering more difficult.