Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B202CE75E110FB3351E341F6F16B22AAE2B58986D7E6460851F8870C9FF4C20CE2769B |
|
CONTENT
ssdeep
|
192:QMEdpa5XhzroEtRwKWvyAK53FKqBzzGQMcapF:Q1a5XWEf4xf |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e0e1e1956a3e1e1e |
|
VISUAL
aHash
|
66660040067f0600 |
|
VISUAL
dHash
|
cccc8993ec8e8cc4 |
|
VISUAL
wHash
|
e6ee60c0077f7702 |
|
VISUAL
colorHash
|
380000001c0 |
|
VISUAL
cropResistant
|
7727db5959599989,6969663222665959,cccc8993ec8e8cc4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.