Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DB14BF234159792A4437C7D024AA9B3BD1A6DE8BFAA70A014FDCC7F72BF9C50741A21D |
|
CONTENT
ssdeep
|
1536:0QvsIkx/4UgQmTa3MZo+Hd1+TlHpwPn3Dt6tpu7Q3awSd+Smfu4/ZT4oU5yglHFG:ZOQmRpIuojfQ+Ro |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec6e939492b39361 |
|
VISUAL
aHash
|
ffd1c181d1ffffff |
|
VISUAL
dHash
|
2b27032323671f19 |
|
VISUAL
wHash
|
a9918181c1f3c3ff |
|
VISUAL
colorHash
|
060020001c0 |
|
VISUAL
cropResistant
|
2b27032323671f19,820080e068600082,8200803030700082,8200c03030700082,8240303070204082,a280a08c8c8c80aa,a2a2b2b2b2b28e8c,ac69006479b3934e |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.