Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15C048821B600BC16C1434DDF9225DA15BB0DF729CE1A13C6F3941B3BABA5C70BDBA568 |
|
CONTENT
ssdeep
|
3072:XfVR8i4zs/MlaoQupKn+T+7wm+T+7w5wEI2z+c:PVqEn+T+7wm+T+7wz1h |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec4313476c523d6d |
|
VISUAL
aHash
|
00ffd3f3f3d3ffdf |
|
VISUAL
dHash
|
d42233272736a933 |
|
VISUAL
wHash
|
00fb83d19193ff83 |
|
VISUAL
colorHash
|
07440018000 |
|
VISUAL
cropResistant
|
8c3227272736a933,0094c4d4f4c4a422,4d49b9d353513f0f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 88 techniques to evade detection by security scanners and make reverse engineering more difficult.