Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T181A251B09546C87741B7D1D6B2769F3F71E2834AC9420604D2FAD3B997EAC68FE13021 |
|
CONTENT
ssdeep
|
384:ns186MtLyKQIK3S5/WSqSuhTcSqkStVilmbBlmSbMlm2uUlmkwBDp38iSOj:ns186AmKUSBWSqSIISXST8m7mFm2Zmbt |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e50f72a5467838c7 |
|
VISUAL
aHash
|
0000cb787bdbc346 |
|
VISUAL
dHash
|
32a2b2d2e6969e94 |
|
VISUAL
wHash
|
0083db7a7bebc246 |
|
VISUAL
colorHash
|
190010000c0 |
|
VISUAL
cropResistant
|
b9e998ac31f95918,32a2b2d2e6969e94 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5879 techniques to evade detection by security scanners and make reverse engineering more difficult.