Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13EA263B29540686701E382D6FB71E75B7B81C289CB43478293FD874D2BCECA7ED52249 |
|
CONTENT
ssdeep
|
384:bCTU0e78IFUq5xekr9/W4r7X/izsMLWwA5fiqV4lhxx2NcftvNuKuPhMsaW/GRBx:AU0e786Uq5xekr9/W4P/izsMLxCfi+4X |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9ab8a8474767ec38 |
|
VISUAL
aHash
|
3c1cdf3c3c3c3c3c |
|
VISUAL
dHash
|
79b1b16979717979 |
|
VISUAL
wHash
|
1c1cdf1c3c3c3c3c |
|
VISUAL
colorHash
|
07007000080 |
|
VISUAL
cropResistant
|
79b1b16979717979 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.