Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T173B2C576534C2A3D6613C7E8F6B9B338815AD38DD22B8568F76D02B15383C88E9332D4 |
|
CONTENT
ssdeep
|
384:uwWSufzBWBfzFOA8n86Bu8flVwojTzDuyTGq2NjaNcFK:uSuf1WBf5OA8n86Bu8flqoTDuyaqkaNz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a82cd7a2bdc685b8 |
|
VISUAL
aHash
|
03000000037fffff |
|
VISUAL
dHash
|
3f9f77773fef8d4c |
|
VISUAL
wHash
|
9f000001037fffff |
|
VISUAL
colorHash
|
06008000180 |
|
VISUAL
cropResistant
|
3f7f7d23235d2f3f,f2936ab5b5635565,7fb73fefc70ccd54,3f3f37777fb7ffcf |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 15 techniques to evade detection by security scanners and make reverse engineering more difficult.