Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T131D2837170486A3B02D385FA6B3A5B5AF7E0D359CA634289B2F4C3AD5FC2C64CD17225 |
|
CONTENT
ssdeep
|
768:s10tyQl4yDlu3h83tcmev4XImY2KkuOjF:s10tyQl4yDluiz64X2XkpjF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
964a680fed05f90f |
|
VISUAL
aHash
|
000c0e0e0e0e0ec7 |
|
VISUAL
dHash
|
8eecdc8cececec1e |
|
VISUAL
wHash
|
020e0f7f0f0f0ecf |
|
VISUAL
colorHash
|
020000001c0 |
|
VISUAL
cropResistant
|
90a1a7d2c2c6e2b2,b9f06ce4d4d0a8a0,e5d292a9093464c2,8eecdc8cececec1e |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 56 techniques to evade detection by security scanners and make reverse engineering more difficult.