Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D8F142E1C054DD2B132389D5F7F56B5F7692C349CF02098853F882EB9BDACA0CA16699 |
|
CONTENT
ssdeep
|
96:TkpJ79ohOlzH0X0eGnVmlb7SS8ct76jMwvF1e9X1HF/exXEHkgtX5z/iQPJ:QpJ79ohOlzH0XsnoBZ4jyXkelz6QR |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9616ec6da5393938 |
|
VISUAL
aHash
|
003c3c3c3c0000ff |
|
VISUAL
dHash
|
e8e8e8e8e8176800 |
|
VISUAL
wHash
|
3c7e3e3e3c0000ff |
|
VISUAL
colorHash
|
3a006000000 |
|
VISUAL
cropResistant
|
82cec8b2b2b2ce8c,0000000000000000,e0e8e8e8e8e81768 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 63 techniques to evade detection by security scanners and make reverse engineering more difficult.