Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AA33E63BB064515383134AE6F1717BADEAC7595ECA824F32A7F082CB63E2DE58C60558 |
|
CONTENT
ssdeep
|
768:icwiuDQEeDTj7Kd1HjB6J+E/aB2pDE37TBrpfE3dSB2pDE37TBrpfE3dWfIpZE3Y:oMOj4z1LMguJ4XmR+Z |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c7963c39e19496c6 |
|
VISUAL
aHash
|
1e3c3c7c64000008 |
|
VISUAL
dHash
|
d4e8ecccc82932d0 |
|
VISUAL
wHash
|
7e3e7e7c6e0c1028 |
|
VISUAL
colorHash
|
38010018000 |
|
VISUAL
cropResistant
|
a259625d4d4000a2,d4e8ecccc82932d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 71 techniques to evade detection by security scanners and make reverse engineering more difficult.