Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F903FE309800EC2B01DB9AD95536532A62F68346CA130A89FAF4C7F95BEFD6CCE37515 |
|
CONTENT
ssdeep
|
768:7rsIx/jmm2WAWSTXtsAAs6s6L/AJhs30xScc+n6Uf79F:XsIxAOXXL8hs30xScc+nl79F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
93879c42e5787978 |
|
VISUAL
aHash
|
ff3f0060800000ff |
|
VISUAL
dHash
|
c4ed1bce4e9838ba |
|
VISUAL
wHash
|
ff7f00e2a30008ff |
|
VISUAL
colorHash
|
0e206000001 |
|
VISUAL
cropResistant
|
c180c18585a18094,b8b8b80028425a5a,c4ed1b8e4e9b9838 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 72 techniques to evade detection by security scanners and make reverse engineering more difficult.