Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FCC2E774A340063F245BCAE9B152B769F0EAD74ED75B945DF3ACC29227C3C58DE62280 |
|
CONTENT
ssdeep
|
768:/53/FH0fV96GJ5M96JV9Bp9tM99Ss//dUDtI0/+aaaZ:BWtxbFH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8404d35abd8bcbf8 |
|
VISUAL
aHash
|
ff0000000000ffff |
|
VISUAL
dHash
|
75e4e7f637f1db08 |
|
VISUAL
wHash
|
ff0611170000ffff |
|
VISUAL
colorHash
|
03c00000000 |
|
VISUAL
cropResistant
|
71e6e4f5f7e67434,f9f9dbd3200c0c23,e4e4f7e63497f1f9,236b690cb0846060,0a88ca4928bb5b4b,010149492697191b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.