Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CFD19422C684391D11EB8155FD20DACFB3208159D31A0BB96B79917FFD8C1E48A736DD |
|
CONTENT
ssdeep
|
192:URZaZHZ+O5RbGPxi0HTCP40t4IdpTHgYF:uZKwO5BGP0xX7gK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
be96966969683c38 |
|
VISUAL
aHash
|
83ffff8181818181 |
|
VISUAL
dHash
|
2b39392b2b2b2b2b |
|
VISUAL
wHash
|
cfffff8181818181 |
|
VISUAL
colorHash
|
13000038000 |
|
VISUAL
cropResistant
|
0202020202020202,a0a0a0a0a0a0a0a0,fffedcf3f3def3ff,bebaba9e808c8c01 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.