Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T159124F7265009DB30193E3E6E771E76F7A8AD349CA931782A2F8974D1FC7CAACC51214 |
|
CONTENT
ssdeep
|
96:pNPm7PzGCvHDcAh1uxvMS2zZ13Suiv9BO4vRlPCvRI+pasBvlPPVRJoTO8P352:PPo/Pz1uRMSsZ1me4vRlPi/RJoTJY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
933333eccc393cc4 |
|
VISUAL
aHash
|
0f0f0f0fffffffff |
|
VISUAL
dHash
|
5adadadaa424d820 |
|
VISUAL
wHash
|
0f0f0f07f0f0f0f0 |
|
VISUAL
colorHash
|
06007000000 |
|
VISUAL
cropResistant
|
5adadadaa424d820,33333312b2ab9ab6,924996b6d4d42380 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.