Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C302437294C96777029152C05BAA7329F243828BCD364B4392E753A69D8FF9FCC2224D |
|
CONTENT
ssdeep
|
96:UugvGYOSJSJS8bOlEh2rJFeucci7Ei69F9mZcfJ5:QtL44TJFGv7A9Pmw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
87963838c7e76592 |
|
VISUAL
aHash
|
020e3e3c3c2c0d00 |
|
VISUAL
dHash
|
d69c6c696969bb65 |
|
VISUAL
wHash
|
470e3f3f3d3d0d00 |
|
VISUAL
colorHash
|
38000000088 |
|
VISUAL
cropResistant
|
70e1e8d161e0929f,696935b68a2c4849,d69c6c696969bb65 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 15 techniques to evade detection by security scanners and make reverse engineering more difficult.