Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10B0222E1C058DD3A035356D5F7B46B5FB7A1C389CF02198453F482AB9BCBDA0CB1269A |
|
CONTENT
ssdeep
|
96:TkQ0q7khOhHW0eGUEdt75qEowvljeuWXZHlTe5XU4/otGt7H6Q/R:QQD7khOhHWsUEdTqEcTcq4MGl6Q5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b193292f8e2cc72d |
|
VISUAL
aHash
|
21cfffffffff81c3 |
|
VISUAL
dHash
|
d5180d3c280e9616 |
|
VISUAL
wHash
|
00c7e78f87ff8181 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
d5180d3c280e9616,000209a2961d0000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.