Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AEB20C6AE1C0146901D391F1FF11BDAFD67C956CD636A2B0E9ADC5816380CF8817F2EA |
|
CONTENT
ssdeep
|
384:IzrzDPzQdQbhF6bUwqV07Wll20u6jd7KB/XL2ZEEIOhvMSMmwg6yszEkLZJlQKnR:IHnPUQbeNo07WlR57KB/XaEErYh/zEkZ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
963664652d3595e5 |
|
VISUAL
aHash
|
061c1e1c3c7c7878 |
|
VISUAL
dHash
|
9c797c7070c8c0e4 |
|
VISUAL
wHash
|
021c3e3e3c7c7c78 |
|
VISUAL
colorHash
|
30601010000 |
|
VISUAL
cropResistant
|
fffff7e1f1a9dfff,9c797c7070c8c0e4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.