Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CCE33321D6A41733D20A07CAD3EB365626AAC2C7CC5278E8F170827497BEC8D5D77DA1 |
|
CONTENT
ssdeep
|
3072:h5eKJrjylK2E6IOZuagKI3ImJS2gcIYLQICeIkPksuGIyIhuBn9Ck75Z:hwKNQ5IBf3NwW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e816a7b0c88f6735 |
|
VISUAL
aHash
|
ff00008840cffffb |
|
VISUAL
dHash
|
8e313131919c3293 |
|
VISUAL
wHash
|
ff00800048cffffb |
|
VISUAL
colorHash
|
0e401008040 |
|
VISUAL
cropResistant
|
10024f0b106a91b1,a636723869f4f2d1,3131b1909c0213b3,00020c0404040304,b1313131b191909d,9f8d0d8c8f232260 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 80 techniques to evade detection by security scanners and make reverse engineering more difficult.