Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T173A34CE9A9C4FE1315E380D3B15B9247F23D490FB50E8690FA88CAC573D986A61776F0 |
|
CONTENT
ssdeep
|
1536:QlezH4QvE8pDlnEjrONSN8pl03nupaJUP91zlOrn1RjzQ2N0msQw:QY7T7OIX9Jqn1vVw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c6edc532126d6d16 |
|
VISUAL
aHash
|
fffffb0004000074 |
|
VISUAL
dHash
|
963662952d49c0c1 |
|
VISUAL
wHash
|
ffffff00040000fd |
|
VISUAL
colorHash
|
1be00000000 |
|
VISUAL
cropResistant
|
1212121354966662,690c1e34a6b6b451,10a8c8c030000000,0494d4d424009212,1662330d2dc2c8c5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 50 techniques to evade detection by security scanners and make reverse engineering more difficult.