Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T132B25F71D2556A3F90E7C2D5D2BA233A73EAC18DEA13021943FCC3B85BC9C96ED22554 |
|
CONTENT
ssdeep
|
768:vflOuxlnenOTnmvHEizx++lCg59b+ICA5sF+aCl57C+gCR5FG+ACt5obp:vfdneOTmvEiF++lCg59b+ICA5sF+aClS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3aa3c389ac3e53c |
|
VISUAL
aHash
|
0100606c6c602000 |
|
VISUAL
dHash
|
11b8c6c9c9c0c810 |
|
VISUAL
wHash
|
fb607c7c7c7c7000 |
|
VISUAL
colorHash
|
38001000180 |
|
VISUAL
cropResistant
|
11b8c6c9c9c0c810 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10948 techniques to evade detection by security scanners and make reverse engineering more difficult.