Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10783353D62C09A2540CF87E2E5B59E35D1BDCB99DB135D8BF2A8C396178EC58CB63210 |
|
CONTENT
ssdeep
|
768:CrsIx/jQEFfpqMrpbfXHwo4xBg28Qgz1v3PZoGEWbun1BelEFUf79F:ssIxdfEMAI1v3PREWb179F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a99fd2c2c09dd42d |
|
VISUAL
aHash
|
ff0f030303030300 |
|
VISUAL
dHash
|
09dfd7d3d3d7d393 |
|
VISUAL
wHash
|
ffff0b3b23070300 |
|
VISUAL
colorHash
|
06c00010000 |
|
VISUAL
cropResistant
|
03dbd7d3d3d7d7b3,dfd3d3d3d7d7f397 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 71 techniques to evade detection by security scanners and make reverse engineering more difficult.