Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14EE35431C6950337D215478AE3DB3B56629BD2C7CD527CE8F2A08139DBBAC482C76DA1 |
|
CONTENT
ssdeep
|
3072:U9Gli5KJGrjylK2E6IOZuagKI3ImJS2QMIYLQICeIkPksuGIyIhuBn1riZ:H6KJkQ5Ixf3Np0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d8ec07b0d80f6f13 |
|
VISUAL
aHash
|
4ed998d8dcc40c0c |
|
VISUAL
dHash
|
94317131919ce858 |
|
VISUAL
wHash
|
5ed9b8f8ddc40c0c |
|
VISUAL
colorHash
|
32401008040 |
|
VISUAL
cropResistant
|
85006a4a9191b1b1,a636723869f4f251,01c3e1f4dceebeed,9898989898999183,b4f8fcc4919bc07c,949433c4d0d08412,317131b19498e858 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 152 techniques to evade detection by security scanners and make reverse engineering more difficult.