Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T157631AF1E280FD1239775093A18AD086B2BA581BE81D0E10E5DCCECA5DFF02755A7ED6 |
|
CONTENT
ssdeep
|
768:WT0TQH7YFcUYgPaFxJ7/HHcQPT7pVNN40j3/tZRRwW+6yQ0ccBnNx5v7zzGHPzrI:xYgPUdxpD/XnsMzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e41b491b1b676719 |
|
VISUAL
aHash
|
00f3f3f393f3f3f3 |
|
VISUAL
dHash
|
8426e62626266626 |
|
VISUAL
wHash
|
00f3330383e3f3f3 |
|
VISUAL
colorHash
|
06600003000 |
|
VISUAL
cropResistant
|
2626e62626a62626,8060418696968140,431b011919373f31,8c0e3d7964111d33 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.