Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EA0383329159A93B02D7D2D49270BB4FA2C78A41CA2307D177FE839C5FD6EA4CD27258 |
|
CONTENT
ssdeep
|
384:zNvzd+rQHnkzs4EHGxY0qAMrNP1neYO2n4ryEAPTGgb7YhZCiuC4IReNCbFCROvZ:z1MrQEfOneYwelPCuzIN2T/ZDOzueF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e39db8e5ce142b41 |
|
VISUAL
aHash
|
ffffc0f8e0000000 |
|
VISUAL
dHash
|
231b0800c30b8e89 |
|
VISUAL
wHash
|
fffffcfce0800000 |
|
VISUAL
colorHash
|
0b601000080 |
|
VISUAL
cropResistant
|
912c3b23233b249b,004432cccc324400,1b8800c043898e81 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 978 techniques to evade detection by security scanners and make reverse engineering more difficult.