Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1070461617D03A826108F65DF9123570E22E1C7C8D65327E4B6F0C3685BBDC98FBA7664 |
|
CONTENT
ssdeep
|
1536:E0mA3uO7+sIxlEqMK3DIl4SH3s5qHG3gRLRkAYZCqXLy:EM7+REqMMU4S8589 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b847f8e246b8c6ca |
|
VISUAL
aHash
|
ff00000000ffdfff |
|
VISUAL
dHash
|
2b3672364e1e1f3a |
|
VISUAL
wHash
|
ff00000000ffffff |
|
VISUAL
colorHash
|
130000001c0 |
|
VISUAL
cropResistant
|
0003632b2b53003e,421c1c1a1a3f2e3a,76de727236160e0e,41c055cae6c4c6d2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 80 techniques to evade detection by security scanners and make reverse engineering more difficult.