Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1ADD1817540A9DD7341A393D097A16B0F37E1C26ED4230A44E6FDA39E4FCBE89E953502 |
|
CONTENT
ssdeep
|
48:tDAVs1hzRwMsGCHJCx1yT19bpBezIY110BGBA4Kgkt3Nj4wzSFzEIjiPOVMXzp5O:tDjzVIHI6bFYjArtVN7SSXDXrmS9Rs |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec6d9193929e0e66 |
|
VISUAL
aHash
|
ff91919be7ffffff |
|
VISUAL
dHash
|
22333333cc2830b8 |
|
VISUAL
wHash
|
ff8090f92307171f |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
22333333cc2830b8,8ecaaecacaced0c8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.