Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12263A6B2512CD97B8207C3E9B6353B1A30A7C2AEDE470606A2F8577D2EC3DE4DD19560 |
|
CONTENT
ssdeep
|
1536:Bci1L1KVUbW7WUW1WuggL+We1W1oKTK1Kt7S:Bc+skW7WUW1WuggL+We1W1/K147S |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bdc7609f63a44b82 |
|
VISUAL
aHash
|
ffffffff0f0f0f00 |
|
VISUAL
dHash
|
52726e36797bb69e |
|
VISUAL
wHash
|
ff9fbf8f0d090200 |
|
VISUAL
colorHash
|
06e00000000 |
|
VISUAL
cropResistant
|
52726e367d7932be,367c797b32b69e96 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 213 techniques to evade detection by security scanners and make reverse engineering more difficult.