Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F5431B31A840DD3B01DB86C86673066AB2E68345CA231589FBF4C3F95B9FCA8CE77515 |
|
CONTENT
ssdeep
|
1536:DFhBLs2Rnf8M9ZaUsONdYD+q3G6Upkt5Mi5XXppZ60sPWT4pf7Ow6KnAskyLD/V3:9d8qajnXjZ60s+T4pf7Ow6Knsyf97T |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cb6bb534127e3449 |
|
VISUAL
aHash
|
00f9f888f8f6f0ff |
|
VISUAL
dHash
|
cd43131133242302 |
|
VISUAL
wHash
|
00f9f888f8b0f0fe |
|
VISUAL
colorHash
|
06e40000000 |
|
VISUAL
cropResistant
|
09c3113133242302,014426d3d3962401,0f236561c1454553 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 69 techniques to evade detection by security scanners and make reverse engineering more difficult.