Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11813315332085B65C3F3848C89102591A0C7E75EC9B097B087784E772BF2AB56BE9B7D |
|
CONTENT
ssdeep
|
384:i4tpGczJCuqdfpa7It4zOHkqpehw5H6gRztXPgRA0jG20a3FJM0MAIJgw8TigsWX:3IBdMMt4zmhehwJvzx+F3Fl68T+fVOr |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e373961ce013b6e4 |
|
VISUAL
aHash
|
000000404000ffff |
|
VISUAL
dHash
|
cc8b4fcb874e7890 |
|
VISUAL
wHash
|
e4e0e0e0e000ffff |
|
VISUAL
colorHash
|
06047000000 |
|
VISUAL
cropResistant
|
c000941200000000,cc884bcd83871e78 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.