Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FD73405121082A45C2F39C8894102B857283D74FC8715770C6BC5E7BABD9AB277ADFBE |
|
CONTENT
ssdeep
|
1536:pHLkTIgRCE6yPCbz7HuUduG7urf3H3CR1RzMSrQNcaHKy4zAtjFl:prSIgwE6yKbz7HuUduG7uT3H3CgcaHK8 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9973268cc833dd0f |
|
VISUAL
aHash
|
ff001818381803ff |
|
VISUAL
dHash
|
cc6b33b3b2b25f33 |
|
VISUAL
wHash
|
ff181818381b07ff |
|
VISUAL
colorHash
|
0ec41000000 |
|
VISUAL
cropResistant
|
6724de580f2b8e8e,cc6b33b3b2b25f33 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.