Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12BF322618315142B61A3E5C57A30CB5FB28ACD86C2B6076507F9833E9ECDFE4AC762C5 |
|
CONTENT
ssdeep
|
768:bq3qcrHglQcDIkqcrHglQmKsYY67ZiD3xb5++m0VZaUJLBR76De:bq3xgl+kxglf3h5Lm0VZNJLBlqe |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
91e96cb4e16996b4 |
|
VISUAL
aHash
|
0f0f0f6f6f0e090f |
|
VISUAL
dHash
|
121918d9dcdcdb1c |
|
VISUAL
wHash
|
0f030f4f66460000 |
|
VISUAL
colorHash
|
38001000180 |
|
VISUAL
cropResistant
|
a292884c4c9082a2,121918d9dcdcdb1c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.