Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A8B275307200567F96C387F4F771AB6EA2ADD686D6178A2CA2ECC3A52BD7C55CD12310 |
|
CONTENT
ssdeep
|
192:qzbsAxLp/tqtlwJg6RcGEzKegGugzu4PgsUF4BTTGtfopdJJ8ZabrwC6WNPVCft:EsAxpel6zfJj0zKtAzfOcwGNP0ft |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c1953cd4b6e5e11c |
|
VISUAL
aHash
|
1e18786e7e600000 |
|
VISUAL
dHash
|
d433d2ccccc22001 |
|
VISUAL
wHash
|
5f1e3c7e7670e080 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
d433d2ccccc22001 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 48 techniques to evade detection by security scanners and make reverse engineering more difficult.