Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FB219CE22573D83F0472D2D416B6272A63D1844CCBC206565EDC93AC4FEEE94FE65040 |
|
CONTENT
ssdeep
|
24:hR/OupWI4Ky1M6cnNk+wsumb9mOrhT5rmpbBS:TGupb4+9Nk+wsumb9drGp9S |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b38ecc3199cc9933 |
|
VISUAL
aHash
|
ffe7e7e7e7e7e7ff |
|
VISUAL
dHash
|
100c08084c4c4d30 |
|
VISUAL
wHash
|
ffc066e1e2c26266 |
|
VISUAL
colorHash
|
07000000c00 |
|
VISUAL
cropResistant
|
100c08084c4c4d30 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 29 techniques to evade detection by security scanners and make reverse engineering more difficult.