Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BD933BF0A780FC22047780C5F09FE689B3B60117FA580AB4359DDAD673DF86706A75A6 |
|
CONTENT
ssdeep
|
1536:YGwPDbpFdtGgIgFY8b53gXbLpzQ2N0msQw:YMLDVw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9119642de5e5709f |
|
VISUAL
aHash
|
001c5c5c0c003efe |
|
VISUAL
dHash
|
863199d9d89568a4 |
|
VISUAL
wHash
|
421c7c7c1c00fefe |
|
VISUAL
colorHash
|
30200048000 |
|
VISUAL
cropResistant
|
8c7171ea96acb1c6,c80421bef20d8df2,38362e4f24d4cc23,f1ccce96c6ccccc6,f8cadbb333773e1e,88b08ccdcd8c9088,863199d9d89568a4,c1057d35894b23d3,3e4f232b13874f66,5e5c6d6333268ccc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 36 techniques to evade detection by security scanners and make reverse engineering more difficult.