Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EFD110F1C414ED3B435286D5EBB56B0B73A1C349CF02194493F893BF6BCACA0CA22599 |
|
CONTENT
ssdeep
|
96:Tk7D/4z8pDfSTbdCQ8pppiF/9X3HFijFXHg/1OR:QX/4z8punX8pppMog6 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
be1cc127c7c13798 |
|
VISUAL
aHash
|
ff9f9f9f0787ffff |
|
VISUAL
dHash
|
08353d333d2d0008 |
|
VISUAL
wHash
|
ff0403010107ffff |
|
VISUAL
colorHash
|
07206000000 |
|
VISUAL
cropResistant
|
08353d333d2d0008,4f4bcb0e0f6d35b1 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.