Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T188C204B34488312A331662C5BC10B3FAC687405EAA6E4B417DB496C53BE2E765D1DF2F |
|
CONTENT
ssdeep
|
768:kn66La0Vntib5caGNoPfcpCbjaPIcKDSYD/ZSngLgkDXp:knHLnVt4KCPfc2SYD/ZSnF25 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9915c4ee6a29be32 |
|
VISUAL
aHash
|
ff0e0e0001ffffff |
|
VISUAL
dHash
|
32dedadb99253725 |
|
VISUAL
wHash
|
da06080000ffffff |
|
VISUAL
colorHash
|
06000c00000 |
|
VISUAL
cropResistant
|
32dedadb99253725,00000c0878302060,63636b6b6b636303,679f735c7961a9a9 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 133 techniques to evade detection by security scanners and make reverse engineering more difficult.