Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19054824127C0A85423A78FB7732FB4E1F46E096F6C550C5BD244FCA076A9A27FAE1931 |
|
CONTENT
ssdeep
|
1536:4WtFhGeUax55qVs8SB0OO4p838EaIezyxTQTpLMXzF7K4QY1MLRIaoHBZP1U1uUm:jcM2sxH1iF7IY1URuFauUrh1/EOwP1n |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
966db434ed16e944 |
|
VISUAL
aHash
|
02206000000406ff |
|
VISUAL
dHash
|
b6cccc9c2c2cecc2 |
|
VISUAL
wHash
|
5276704606067eff |
|
VISUAL
colorHash
|
30000c01000 |
|
VISUAL
cropResistant
|
01806088ea709cef,0000000000000000,b6ccc8cc2c08ecc4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 433984 techniques to evade detection by security scanners and make reverse engineering more difficult.