Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12A92B75C4C232996A22FC63765617B18D072335DEF3F988976EA23452EDBC810DE15BC |
|
CONTENT
ssdeep
|
384:JaasOsEZXZo2ZERF2ZERaZ/hjfFJuZ/hjfFJ+:HsOsEZXZxZER8ZERaZpjfF0ZpjfF4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
92684873667373ce |
|
VISUAL
aHash
|
00182c262e3e3e3c |
|
VISUAL
dHash
|
84f0dcccccccf8f0 |
|
VISUAL
wHash
|
00183c2e6e7e7e3e |
|
VISUAL
colorHash
|
38002400040 |
|
VISUAL
cropResistant
|
84f0dcccccccf8f0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.