Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BF03021231489A95C2F34DD999002A847082EB0EC8718770D6B84E7767E3AB577EDF7E |
|
CONTENT
ssdeep
|
768:v1BkhZfoz7GXopWy8H3u5+LMJ8dQVs/LL6fB:v1OwioQy8H3u51dsa |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a5d22d56d6255897 |
|
VISUAL
aHash
|
ffffffffff000000 |
|
VISUAL
dHash
|
0c00000c0c321266 |
|
VISUAL
wHash
|
eeffffc3e7000000 |
|
VISUAL
colorHash
|
17000000000 |
|
VISUAL
cropResistant
|
0c08000400160c08,a9a8aac8a8c5aaaa,08323616766e7666 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 87 techniques to evade detection by security scanners and make reverse engineering more difficult.