Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T185422033A600CC298DA755CCF6C49A89515DD345FB3148CAB2A492FF7BC4DF069A83AD |
|
CONTENT
ssdeep
|
192:Q53J2CMdU9clEaU1aCLxCaxFDuMcnthWeNWb5TTuYswfMmUU8VCorB3:zU9clE3Om7TB9fMmUFCor9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cb4bb4be5b02a64a |
|
VISUAL
aHash
|
f8f878f8f8ffffff |
|
VISUAL
dHash
|
c162e3d111000100 |
|
VISUAL
wHash
|
3030303008cfc1c0 |
|
VISUAL
colorHash
|
06000000038 |
|
VISUAL
cropResistant
|
c162e3d111000100,8a02e21a3bea049a,def969bee849befe |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.