Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EB620E32A0449D771193E6E9F370A31FB6C2D349CA431A86B2F8C79D4FD6D96CD60248 |
|
CONTENT
ssdeep
|
192:2kEAXPbnO14vRlqRJoTqz6cDya4mgNUjOgNaEu+:2K/6Tu/a4mgNULvX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
96161e1616be5e56 |
|
VISUAL
aHash
|
00ffffff0000ffff |
|
VISUAL
dHash
|
2d14250044481200 |
|
VISUAL
wHash
|
00ffffff00003030 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
6d1c0d2624480904,0000000000000000,323cadcdcdcd2d32,0048124cec6c1200 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 181 techniques to evade detection by security scanners and make reverse engineering more difficult.