Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15F53A7B123020B6ED98782D5FBA47B39E199834AC6535C4DF7F90157EB82D18ED163A0 |
|
CONTENT
ssdeep
|
768:bt7WtfBJribcHxvKlsUA2dFIfadM9h2AHaWKpHaWuBHaWU/HaW2Bpih1DqcU9o4f:bt7yNPK2fMzercnk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c4db5b76534c415 |
|
VISUAL
aHash
|
0000000000ffffff |
|
VISUAL
dHash
|
9631b035c8cc1ce6 |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
06e00000000 |
|
VISUAL
cropResistant
|
ccccd1183cc4c8a6,964d303230b40810 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 96 techniques to evade detection by security scanners and make reverse engineering more difficult.