Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19912E9302100592D210B8BA8F1E1EB5E11EF9349DF179D18B3F926B26BDFC98CC06565 |
|
CONTENT
ssdeep
|
192:XwDUejLiMNnREvmlobRrGVh6F4yPoiCh6F4ZMfsD3lAS9lAdomVhdHH:XwgciMavrmhy4yQhhy4ZgsD3lAylAdtj |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
884d7737c9898973 |
|
VISUAL
aHash
|
000019dbc7278fcc |
|
VISUAL
dHash
|
cf4f33b30f6d2d9c |
|
VISUAL
wHash
|
000019dbe7a78ffe |
|
VISUAL
colorHash
|
18e00000000 |
|
VISUAL
cropResistant
|
a2a2c120201180a2,a28046b131c682a2,cf4f33b30f6d2d9c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 35 techniques to evade detection by security scanners and make reverse engineering more difficult.