Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F723117470129B3F42C392E1A7385B6EB3A2C359CA232A09A7F5839D1FC7D51CE16674 |
|
CONTENT
ssdeep
|
768:6Qh6ACagdZZsATFgdZZzAjg0q5PQJXt8F6NnJXdv+2XvZmPfn6IbGcGxn02idOUx:f6ACagdZZsATFgdZZzAjg0q5PQJXt8FD |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d293c4c58a3b6e6c |
|
VISUAL
aHash
|
7e7e000c3c000010 |
|
VISUAL
dHash
|
d4c40c28e944b4a7 |
|
VISUAL
wHash
|
7efe2e0c7c704071 |
|
VISUAL
colorHash
|
19200010080 |
|
VISUAL
cropResistant
|
0000c4c1c0c6008e,73737252c5a26565,d4c40c28e944b4a7 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 44 techniques to evade detection by security scanners and make reverse engineering more difficult.