Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18A526632C188B45D7353D051EA60AA8F7A8242FE9A575F01D3E53B3FB8D15B0C92935E |
|
CONTENT
ssdeep
|
192:Sk3ULuCYbCYDiBbE/RMXNtjZCLyanaZy2Wj55MdfSt9xVIoy/8:mLuCYGqPWhZy23UIB/8 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
996699cc31cc9b66 |
|
VISUAL
aHash
|
18081818183c1818 |
|
VISUAL
dHash
|
71717130b2323232 |
|
VISUAL
wHash
|
ff3c3c18183c3c3c |
|
VISUAL
colorHash
|
32007000040 |
|
VISUAL
cropResistant
|
5205b4aafab24500,8a0f178a3333585a,71717130b2323232 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 276 techniques to evade detection by security scanners and make reverse engineering more difficult.