Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11C03F852C345A285630A83A8B461B71DB3230497DE399A75CBD20B1BF44C17FEDA67CB |
|
CONTENT
ssdeep
|
384:wIxnzfOSPR3tSl3z1lc42oMysplEW9tOt4jQ6nzNusuaZ64qVbni95H9p/mcazIN:wCz2A3t6jO9jQ6xZ6Xni95H99mcazIN |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3194e4d6e4c4d4d |
|
VISUAL
aHash
|
00efefc7e7eff7f7 |
|
VISUAL
dHash
|
33181e1e1e1e0c0c |
|
VISUAL
wHash
|
00c7c3c3c3c3c7e7 |
|
VISUAL
colorHash
|
07000c18000 |
|
VISUAL
cropResistant
|
3b1c161e1e0e0c0c,001000b2b23a0020 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 156 techniques to evade detection by security scanners and make reverse engineering more difficult.