Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DE636CF5B484F51341F38092A0AF6907B33D450F680D4870E258DBDFB6E486AB1A7BD9 |
|
CONTENT
ssdeep
|
1536:tCSMgyKFN2vk8EL0tYZMPQttIiKnzQ2N0msQw:txuZVw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c9edd612364d6516 |
|
VISUAL
aHash
|
fffffbf900000000 |
|
VISUAL
dHash
|
92527233cdd1f1e2 |
|
VISUAL
wHash
|
fffffbfb04001000 |
|
VISUAL
colorHash
|
1b003000180 |
|
VISUAL
cropResistant
|
0212529272727263,826c94949494cc22,1272732acdd2f0e2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 30 techniques to evade detection by security scanners and make reverse engineering more difficult.