Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18A932BE0A280FC1249B740C2F09BD6CAF3BB011AFB9C0D50765DDAD6B3DD8AB11A7565 |
|
CONTENT
ssdeep
|
1536:0QZYYNZlRpzHfvmM9q0AxJuSWmZOeQZYjzQ2N0msQw:3QO8Vw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
915a273ec4e5689d |
|
VISUAL
aHash
|
001c7c7c1e003e3e |
|
VISUAL
dHash
|
eaf898d8f4956eee |
|
VISUAL
wHash
|
003c7e7e3e002efe |
|
VISUAL
colorHash
|
10000008038 |
|
VISUAL
cropResistant
|
73e08e88cc49d848,828898b0f8eef0d9,100cb2b2b2300800,cfcfc68b81e2cc1c,aaf0f8c48696974f,b8162f4f24d4cc27,f8ccce92c6ccccc6,f0c2d3b333763e14,eaf898d8f4956eee |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 37 techniques to evade detection by security scanners and make reverse engineering more difficult.