Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19D234A726332B8A843DB91EDF7382956B2D2988DF8C74554F5C95ACD23C3C806197BB4 |
|
CONTENT
ssdeep
|
768:aQ+EsZx8/G8Yc4hDaw4McBawuMcBbr82+/9dtZkDieE565TmHEnkvdhfVPqDv3AQ:aQ+EsZ/8YnhDaw4McBawuMcBX82+/9dw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fad0eccd9192c4e4 |
|
VISUAL
aHash
|
ff81858d81818181 |
|
VISUAL
dHash
|
23414d49494d0909 |
|
VISUAL
wHash
|
ff81e7ad81e98181 |
|
VISUAL
colorHash
|
3a000e00000 |
|
VISUAL
cropResistant
|
23414d49494d0909,1fdfce8ee6ced0e0,23828c89c8ca29a8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.