Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1016242715048AB3313C763E5FB362FD6B7A093C0C64A4B5846F89BAD3B91D29CD27461 |
|
CONTENT
ssdeep
|
192:QXp7LVIaThnpWmDcg9B3QKAuczTl9JmmJwxo6nnyO6ckbyO6cfdyWbyO6cC:4ph9AsU/5zTlymJwa30BW0Z |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c94932763e36352d |
|
VISUAL
aHash
|
00f8f9f9f9fbfeff |
|
VISUAL
dHash
|
330372726282cc0d |
|
VISUAL
wHash
|
00f878f8f8fae0e4 |
|
VISUAL
colorHash
|
07030000240 |
|
VISUAL
cropResistant
|
338372726282cc09,6813033b3a065300,4c73303833333378 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.