Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T194934CE5E650E81224B740CAB0AFD2C57276440AFE590E60B62CDBDD73DE8DE2233795 |
|
CONTENT
ssdeep
|
768:1T0TQH7YFanQGYjCHwMkm6yiRrpW3ofr9kQoRp5ogJVzc+b42NB2jIGrTnzq8QEP:9HwMkm6yiRrc4fr91oJzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec936c1717454739 |
|
VISUAL
aHash
|
00dbffffffc3c181 |
|
VISUAL
dHash
|
e23b3b363e2f2327 |
|
VISUAL
wHash
|
00c3ffffc7c18181 |
|
VISUAL
colorHash
|
07200008010 |
|
VISUAL
cropResistant
|
333b33163e2f2327,0201b696c6d6b691,782a2a28cc4d7172,434e56554d4de9b0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 26 techniques to evade detection by security scanners and make reverse engineering more difficult.