Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16FD36232D595C9660EC395C8E6D0E34C229AD349FF32058967E2627F3BCEDE158243AC |
|
CONTENT
ssdeep
|
768:kcicSchPnCx2G9aDII/2QiCGs0hvlstZ0hEFY1PvHGXTSVig0OXJkCQ18ruiHzlI:rPeAYLzV3hXescIXgGXg0c |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c53ca63494e634e7 |
|
VISUAL
aHash
|
061800181818707c |
|
VISUAL
dHash
|
cc706870b030ccc8 |
|
VISUAL
wHash
|
663c7e1818187e7e |
|
VISUAL
colorHash
|
38006000201 |
|
VISUAL
cropResistant
|
a2808a88888880a2,cc706870b030ccc8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 78 techniques to evade detection by security scanners and make reverse engineering more difficult.