Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17CB2E77032090D7DA6A383E4E3517B3985AED3C8C61F845DF5E882762F89D98CC6B2D4 |
|
CONTENT
ssdeep
|
192:0UZPnOk51m6H3nO2Gjd4OH2vOaQnOgiHYBHO5OVFO4O1weQB8vODEjO7gqS2O8e4:0qvm6H3Fg6mJ8Mg8MhsgXee7M3 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3e63c39389ce6c1 |
|
VISUAL
aHash
|
4e74767c64001818 |
|
VISUAL
dHash
|
96ccccccccccb0b0 |
|
VISUAL
wHash
|
7e7e7e3e6e001818 |
|
VISUAL
colorHash
|
380010001c0 |
|
VISUAL
cropResistant
|
96ccccccccccb0b0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.