Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T179B48146B3D5723A8607F0B18C9FCC49F6786D185299944CA20CC0FAA974878DB7EEDD |
|
CONTENT
ssdeep
|
12288:CVo1Aq6x+r0/tmoiJJwm78ZzhYg/PqIeK2iOWFfa/92CI0iftwMT6M1rIa0+zhQ5:CVoABx+r0/tmoiJJb78ZzhYgqIejqfa1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e3e1c94969696663 |
|
VISUAL
aHash
|
ffffe7e700000000 |
|
VISUAL
dHash
|
93e0ccccccf03000 |
|
VISUAL
wHash
|
ffffe7e766000000 |
|
VISUAL
colorHash
|
30000038000 |
|
VISUAL
cropResistant
|
f0f0f07145454505,f0f0f0f0f0d0e0f0,93e0ccccccf03000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 440 techniques to evade detection by security scanners and make reverse engineering more difficult.