Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12373F8A83959F5271EB343A710EE1403B378122B580D4D70B250FD9EB5BCC9AA16BFD9 |
|
CONTENT
ssdeep
|
768:6o94u2eHY0U5mK+4x4eIP32yEZMLwypGCCdaMK6kyLw15l9xy+UOLmXzRVZ27Of:+Lx4TESLwsGSMBDLw1j90+1Lmjzl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc6633993366cc66 |
|
VISUAL
aHash
|
00003018183c0000 |
|
VISUAL
dHash
|
0000202030b20020 |
|
VISUAL
wHash
|
0000303c3c3c3030 |
|
VISUAL
colorHash
|
38000e00000 |
|
VISUAL
cropResistant
|
0000202030b20020 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 21 techniques to evade detection by security scanners and make reverse engineering more difficult.