Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T143D2B86123115B3EB10B8394E7B2B6E5321EB394E90BD4D452BD02F16ECACD9F61B9D0 |
|
CONTENT
ssdeep
|
384:758unbGwSSIm5iSd5z4bA9KvQSldKpV7AwjfxAmbgIdO6BX682gNvwfXNKdDYjXH:VRdkG+1Fl67BfxmJ4XnF0N8DOqFc |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8ad7aab75c297520 |
|
VISUAL
aHash
|
3cbc001818010301 |
|
VISUAL
dHash
|
69690071302b0351 |
|
VISUAL
wHash
|
fffc1818181803ff |
|
VISUAL
colorHash
|
38000000e00 |
|
VISUAL
cropResistant
|
48b2ae2fd5d6c000,8008806d2d840080,69690071302b0351 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 30 techniques to evade detection by security scanners and make reverse engineering more difficult.