Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11C0331B222471A2FDA8BC2C5F7692B4DB1C6935BC2620D45BBF28757DF82D64FC18160 |
|
CONTENT
ssdeep
|
768:L7+LNrzGNt9Zs+GPTnZwbbQNKhrp+ohCyoxaSrE0X1Xmh2fld1ClthJu/fi0n+mr:Lns+44umB2xICUHFOWezn |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e3a23aa3aaaaaa3a |
|
VISUAL
aHash
|
6500307070600081 |
|
VISUAL
dHash
|
d592c1c0c0c89041 |
|
VISUAL
wHash
|
ffc7f0f070700383 |
|
VISUAL
colorHash
|
38043200000 |
|
VISUAL
cropResistant
|
d592c1c0c0c89041 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 142 techniques to evade detection by security scanners and make reverse engineering more difficult.