Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17072E8A26258273D5647C2E8F7F9B321825EC2AED127C559F2AD03B115D7C88F9277C0 |
|
CONTENT
ssdeep
|
192:sN7beepPE+QT2BIDJDUeVvzQeAz2e36AwB5K0bjywAcQSyUZxBcFL/W:YeWE+miiqX36Ksow2NjaNcFK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cccd33702cf033cd |
|
VISUAL
aHash
|
7e3c3c1818003400 |
|
VISUAL
dHash
|
d0f0f0b0b0c8d455 |
|
VISUAL
wHash
|
7e7e7e7e3c003c00 |
|
VISUAL
colorHash
|
30000000038 |
|
VISUAL
cropResistant
|
d0f0f0b0b0c8d455 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 15 techniques to evade detection by security scanners and make reverse engineering more difficult.