Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19571C83568D098206AAF79D9ADD1681902B28F4BA75303A9D9F303FE52E1C2CE573498 |
|
CONTENT
ssdeep
|
48:3xCVVd6jPJYoD/k6jPBrRV9FP1A2AFP5fJtWtFPIt0hry8x+WYvvFJu:3x209TBn9YLfqtyem80nfu |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d98466b399cccc99 |
|
VISUAL
aHash
|
f8f0f8f8f8f8e0c0 |
|
VISUAL
dHash
|
0000302030280000 |
|
VISUAL
wHash
|
f0f0f8f8f8f8c0c0 |
|
VISUAL
colorHash
|
07008000c00 |
|
VISUAL
cropResistant
|
0000302030280000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 51 techniques to evade detection by security scanners and make reverse engineering more difficult.