Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E7135531D146B827557285ACBB60BB797793C3AA43010FB7E7A0661FF989E70E60438D |
|
CONTENT
ssdeep
|
384:HpBFL12ZubjUZVytk05dmVPF7u7FMnKGic3L/6qGTOBSUohOj9dPFb4aaAGMp1:JBFL1nbjUZJOATi7KBm56BSQ9dNbL1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
995a0fc6b1b0e3a6 |
|
VISUAL
aHash
|
000081ffffffffff |
|
VISUAL
dHash
|
6171131019032f7b |
|
VISUAL
wHash
|
000000dffffff703 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
6171131019032f7b,3313331ab7ab9ab2,4131697171314571 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 85 techniques to evade detection by security scanners and make reverse engineering more difficult.