Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T100B295786780597D61CBC2B2F665AF3AF29DC387DD17A28FD2F8C2250796C40CD92690 |
|
CONTENT
ssdeep
|
384:nRguvKqGouBStfEQp4hjYVXHg5Hdhgv1Bv6OsGcxulXoNIT+pNK:RguvLOSXHg5Hdhgv1BvvsGcxulXocYNK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9f1e5be0e1cbc260 |
|
VISUAL
aHash
|
9d1c37b5c3e7bfaa |
|
VISUAL
dHash
|
79756d619e865a4a |
|
VISUAL
wHash
|
9d1415b1c3e7aaaa |
|
VISUAL
colorHash
|
0700000001a |
|
VISUAL
cropResistant
|
79756d619e865a4a |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 28 techniques to evade detection by security scanners and make reverse engineering more difficult.