Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T147F32C30F81C6836DB7705DEF531AB1AFE93E30FC59649C4E6A48B944BC2EF2A511294 |
|
CONTENT
ssdeep
|
3072:oNkhY2pD/HlY7H7JOzD0443GwXpMSGFsbIsbfd/eKxbwDwtYUY6A820D0jMPF:oNkhYiD/FY7bJOH0443GwXpMSGFsbIs7 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd8c38c73233e732 |
|
VISUAL
aHash
|
18181900387cc1c3 |
|
VISUAL
dHash
|
f6b2331770401b17 |
|
VISUAL
wHash
|
181819993cfdf3c3 |
|
VISUAL
colorHash
|
38e00008000 |
|
VISUAL
cropResistant
|
60e2b2a8eeea5d1b,c3ca4741494c4e47,b6d793642626262a,f6b2331770401b17 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 987 techniques to evade detection by security scanners and make reverse engineering more difficult.