Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EAA2A57331495C3613A785D8E3E2760D92C7E6C7CA469894B7AC835C87F2CB4BD93228 |
|
CONTENT
ssdeep
|
384:4fUD6R/zrcb8oumcZf3ey4we4deckeEeeAXj8oap:AIumfSjU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9919c6e6a239b5a6 |
|
VISUAL
aHash
|
bf000008ffffffff |
|
VISUAL
dHash
|
5a5a1a1a58623262 |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
06c00008000 |
|
VISUAL
cropResistant
|
5a5a1a1a58623262,8080c1c1d9dbd1f3,b3b3be9204954119,3363676f6f7e6dd9,3a306270387079a1 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 23 techniques to evade detection by security scanners and make reverse engineering more difficult.