Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16751A423E780213905D38295B717239A4375C174E3570B1869F4C2183B9FA8E8DF7BAE |
|
CONTENT
ssdeep
|
96:Tj/0J+1izL1RjB8h8fL14K0ULsFwQz7v7kPpkNa:HMIMzL1RjWi1psmy7va |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
91116e1ee96e95c9 |
|
VISUAL
aHash
|
00000f0b0f0ff8ff |
|
VISUAL
dHash
|
a59a9a9a9a9a0000 |
|
VISUAL
wHash
|
000a0f0f0f0efeff |
|
VISUAL
colorHash
|
31006000000 |
|
VISUAL
cropResistant
|
fef9e9c1e2c6c8c1,7438383c3cbc9dac,000001aa00000000,e59a9a9a9a9a1000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 45 techniques to evade detection by security scanners and make reverse engineering more difficult.