Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DC7213717060D93F0783C7D15234EB1FA2E1CB46CE632A4A62F5938D4BD2D66DA6293C |
|
CONTENT
ssdeep
|
384:HMHdCzk02ISCqY9QutyyNY74+aQvXSgSEa/Zm4:HMH0r2ISCqYHty0Y74tQvXSgSEa/ZD |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed911656654b652d |
|
VISUAL
aHash
|
00fffbf9f1f0b0b1 |
|
VISUAL
dHash
|
cc1a120323c76367 |
|
VISUAL
wHash
|
00efebe9e1f030b1 |
|
VISUAL
colorHash
|
07e00000040 |
|
VISUAL
cropResistant
|
9c12120323676367,0080138b8a836000,0f070707070e0c78 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.