Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17C53D4107302B76A1C334F74F38A35AAD19F8348F5A6782DF298825171D2179C667EEA |
|
CONTENT
ssdeep
|
1536:kmQ0wA3ins+vIGfo3E4ta66Smq8Z7U1c/jD5YJ7wNBWti1R7CPirs9Hal:qJYJ7o |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e4649b9b64646766 |
|
VISUAL
aHash
|
ffffc3c3c3ffffff |
|
VISUAL
dHash
|
5d1e8686861a1e1e |
|
VISUAL
wHash
|
87c3c3c3c3c3c3c3 |
|
VISUAL
colorHash
|
07001018080 |
|
VISUAL
cropResistant
|
5d1e8686861a1e1e,248984c4cccc828b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 394 techniques to evade detection by security scanners and make reverse engineering more difficult.