Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F6E1157160147E3F506792C8A274A68E76C2811BCF330B0AE7F5976C5FE6C41DE12675 |
|
CONTENT
ssdeep
|
96:zlhM6hSclQ9tCOuxuWtwRshNgsZJLgPiZyZB9riJK:RhM6ocezsoshysZFTu+A |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9797c8e8e9c99494 |
|
VISUAL
aHash
|
ff0e0e0e00000000 |
|
VISUAL
dHash
|
70cccc2c0c030800 |
|
VISUAL
wHash
|
ff7f6f0f0e000000 |
|
VISUAL
colorHash
|
01007000000 |
|
VISUAL
cropResistant
|
4000444202420001,e280b2a2807171aa,32ba1c2aaa55cac8,cccc2c0c04000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 41 techniques to evade detection by security scanners and make reverse engineering more difficult.