Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T198524420320134A97733CFD2F1A17F182163D327C7865A946BE516745FC6CF8AB72AA8 |
|
CONTENT
ssdeep
|
192:YMMrb5gSL6r84ndZDbZSht7QTqzDKZ8DFq3APBVvENfYNqKTzhBeC3D:TM48A1dAk+/MQo3giC3TzhBeC3D |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b8c7c73cc3c32c61 |
|
VISUAL
aHash
|
bf9f9fcf8f8b9fff |
|
VISUAL
dHash
|
6834349c143638ce |
|
VISUAL
wHash
|
bd8b0f0f0e828e06 |
|
VISUAL
colorHash
|
07000010480 |
|
VISUAL
cropResistant
|
6834349c143638ce,ce06dbdbd9d9dd19 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 61 techniques to evade detection by security scanners and make reverse engineering more difficult.