Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T114B294B4A208563D4B0B87A1B378BF2C535DA699DE1BE81DB27C136123C3ED4AD43D91 |
|
CONTENT
ssdeep
|
384:BiLAuvzeU2ucoZUEV0H2w8retukcmV/V9sd3FGkRbnW3o:BiLAubeU2ucoZUEV0H2w8retukcmV99A |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
dcfdcda1a12123a3 |
|
VISUAL
aHash
|
db98181818183c3c |
|
VISUAL
dHash
|
323230b0f0f07069 |
|
VISUAL
wHash
|
ffd83c18183c3c3c |
|
VISUAL
colorHash
|
38002080080 |
|
VISUAL
cropResistant
|
323230b0f0f07069 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.