Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17D7332B1BF026827292FA5CFD1572B0D62C1E7CECA415BE5A1F0932497B5DE1B6E12C0 |
|
CONTENT
ssdeep
|
1536:+CXRluorelpUjAmXUVjvWbDoX0kQeVyGKNJ:7u7tmkVJXDfa |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ee466acb926a9493 |
|
VISUAL
aHash
|
00000000fffbf1ff |
|
VISUAL
dHash
|
6d27242410232b3b |
|
VISUAL
wHash
|
000000c0fffbfbff |
|
VISUAL
colorHash
|
06c01000040 |
|
VISUAL
cropResistant
|
6d27242410232b3b,949a98e4e0a8a4e0,9c9e147efcc4189c,c6c6d6e2e6c6d6cc,ed6d2526a4642624,b6b4ec8d8d1f1f14,cba791c9e5cec6e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 640 techniques to evade detection by security scanners and make reverse engineering more difficult.