Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15463533272040E7ACB17EF94B4139F8081BED25CD992E06CC26DD627CAE7CE7956D606 |
|
CONTENT
ssdeep
|
384:LH59sefp40GdKleMvg8NKpnNfZwCtglgCXTQOg2NjaNcFEXI+3KDbXIid:LbseflCKhvg8MH7tKgkaNcFD+6/XIid |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d3936d6c65929362 |
|
VISUAL
aHash
|
183c7c3c301818ec |
|
VISUAL
dHash
|
d0d0c9e9e2303048 |
|
VISUAL
wHash
|
3c7c7c3c3810d8fc |
|
VISUAL
colorHash
|
300001c0000 |
|
VISUAL
cropResistant
|
f2f0e0c0818acce0,d0d0c9e9e2303048 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 189680 techniques to evade detection by security scanners and make reverse engineering more difficult.