Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D8E231726180E92741D7D3DD6A309B1EF2C3CA4AC9A30ED3F5E4939D5AD7CA9DE12108 |
|
CONTENT
ssdeep
|
768:y0y6KGRm25YaZAKUnWa9+vsJCezwJBeETH:dpKGRm2l+KUnFCeze3H |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b018ccedcfc73330 |
|
VISUAL
aHash
|
eb0444ffc3c3e3c3 |
|
VISUAL
dHash
|
d2949c5397179717 |
|
VISUAL
wHash
|
cb0c04ffc3c3c3c3 |
|
VISUAL
colorHash
|
02040007000 |
|
VISUAL
cropResistant
|
d2949c5397179717,7baf49233064cd0f,38763a194d5a1a32 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.