Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T177A34D60364CB5775AB343E7609B3607B278821BC40F4950B354E8AAA3EDC9B9437FD9 |
|
CONTENT
ssdeep
|
1536:JXazuT0Nbz018W5/Nhh8z/dbFXRjaPndp7Ddvz:JXazuT0NbsJmz/pFdEBr |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a6238adc7ca5a176 |
|
VISUAL
aHash
|
1d00676300ffffff |
|
VISUAL
dHash
|
69efcece2c2c6c6c |
|
VISUAL
wHash
|
3d00230200fff7ff |
|
VISUAL
colorHash
|
06c40008000 |
|
VISUAL
cropResistant
|
69efcece2c2c6c6c,4f4f4f8f1f9b9b1b,8fcecc9406050f0f,636747c7c7e7c746,4bc3c5cd63c14d77,d080070e1cb08062 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.