Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D854F022B501BC06C2034ECF4265D924BB1DF725CA1A53D6F7841B3B976ADB17DBB828 |
|
CONTENT
ssdeep
|
1536:Xw1hbGVRD88jsDm/alJyo/Hm9/OKMRlc4REW5qKZfIwPp/h3LEmesnEGKHf1irVM:XvSz8H6/WHf1iJDcj78q66jj2H4v |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
af42bf503d50afc0 |
|
VISUAL
aHash
|
04307800007e7e83 |
|
VISUAL
dHash
|
2cc5c3c512d0d477 |
|
VISUAL
wHash
|
04307800fb7e7e9f |
|
VISUAL
colorHash
|
31000e00000 |
|
VISUAL
cropResistant
|
8166764e1e616190,2cc5c3c512d0d477 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 77 techniques to evade detection by security scanners and make reverse engineering more difficult.