Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EC9339F2D3E8EEA1F013A7C4F091B652516B2079DB85CED8DABC46B8F3C585909735A0 |
|
CONTENT
ssdeep
|
768:fiW2DpiFHOulS5W5vZi/J0FfK1KA2MEJaems4QQF1tJBrPXX8xwq0+WJsipQb1vN:fh0+WJsipQ124 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9414fa436dc632fc |
|
VISUAL
aHash
|
000c0000000cffff |
|
VISUAL
dHash
|
f8f8b4f6f6d8343a |
|
VISUAL
wHash
|
040e0e121a1effff |
|
VISUAL
colorHash
|
02000600018 |
|
VISUAL
cropResistant
|
f8bcb4f6f6d8343b,fcf8b4b4f6f6f8d8,3f5592bbd8754917 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.