Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EF24DE30A404AE3701E391D59AB0635B77D8E395CB730E5A7BF483397B96EB2EC02585 |
|
CONTENT
ssdeep
|
6144:laedbEItmOPG44y0Mum/wL6JqmvtzMIAeJxkGX/m/I0ePMlhvyaYRzTjoTGu29Ql:DU9AW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9eea0560e5c5d89e |
|
VISUAL
aHash
|
001cbcbd9d183c3c |
|
VISUAL
dHash
|
d579796171796870 |
|
VISUAL
wHash
|
223cbcbdbd143c1c |
|
VISUAL
colorHash
|
19008008600 |
|
VISUAL
cropResistant
|
d9ddfdf87c5cccd8,8ba7aec6f12063ec,cccc555b33254be2,5551671b33736565,17d4db259ce2ddf5,da98fadada8ca9e9,d579796171796870 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 318 techniques to evade detection by security scanners and make reverse engineering more difficult.