Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E1D35220B3C42A1CC45F42D8E1E4A731406DEBDFE82B61D7F96A07B11357D78E9AB498 |
|
CONTENT
ssdeep
|
1536:cT9jTXcH6E9yjADT9jTXcH6E9yjAvKBHsim/TzT9jTXcH6E9yjAAwgb:ce1e9/Pe2 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9212ed69e9ec4cc9 |
|
VISUAL
aHash
|
fd0606060400ffff |
|
VISUAL
dHash
|
69ccccccdc3c0320 |
|
VISUAL
wHash
|
fd060e0e0400ffff |
|
VISUAL
colorHash
|
030000001c0 |
|
VISUAL
cropResistant
|
8400612b6b616984,dc6c607071d07161,c02b33c000002228,0080b0e6c6e6b980,ccccccccccccfccc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.