Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12754E8F5AB7721F812BE32F27825000FA2AB1F51978D78346955EC49FFBC448B1E1A25 |
|
CONTENT
ssdeep
|
3072:0KCKmKJKmKJKmKJKmKpKEKEKEK3KIj1CAXUbU/z/F1Nv/D6fsGGE8exFW8hh3slP:Ha4/Vv/D6f3V7ph1sl5Z |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c730f33e0c01f9e |
|
VISUAL
aHash
|
1f1f1f1f1f1f1f1f |
|
VISUAL
dHash
|
7e7e70b4b47074f4 |
|
VISUAL
wHash
|
03031f0f0f1f1f1f |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
6c6c80b8d0c0a0a0,f186ac3636ac86f3,0008167171162060 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 290 techniques to evade detection by security scanners and make reverse engineering more difficult.