Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16BE1647AE0141177A3038DFE76B07B6E72C7834ECB975D40A6F593884BC2E50C85927A |
|
CONTENT
ssdeep
|
192:zGI/k/sBulhN+nE+3T+T+iQ894wI4wT58ofjZfjjP:zV/msBulhyCQ8OwXwF82jZjL |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
dc9f31352435319d |
|
VISUAL
aHash
|
c2bcfcf8f8c0e0d8 |
|
VISUAL
dHash
|
8661602020100030 |
|
VISUAL
wHash
|
c2fcfcf8f8c0c0d0 |
|
VISUAL
colorHash
|
00000000038 |
|
VISUAL
cropResistant
|
4e4ed5159494aca8,55554466a452d454,0182b2869696aa82,8661602020100030 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 45 techniques to evade detection by security scanners and make reverse engineering more difficult.