Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11B632EB09441E93701A782E97271EB0BB2C4D24BCB070696A3F9D3DE1ED6DE1DD905C5 |
|
CONTENT
ssdeep
|
768:0TpHDMLS9z+aWx5EnnC68jfIydj2KUKDwnm:6pHr9z+bXjfIAbb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8789389e7e726985 |
|
VISUAL
aHash
|
3e7f7f003e003e00 |
|
VISUAL
dHash
|
f8f8da486c686ccc |
|
VISUAL
wHash
|
7f7f7f003e043e00 |
|
VISUAL
colorHash
|
31200408008 |
|
VISUAL
cropResistant
|
98efb8b4e9a99298,f8a8aa444c7064e0,b99b989050509282,535f7d41b494b0b2,c5d7b534d4c5c455,acccccaaacef2c4e,bd94656a6266767c,f8f8da486c686ccc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 197 techniques to evade detection by security scanners and make reverse engineering more difficult.