Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11D52A8D4D214D7E8B44B47FE78327DD4328AB86FB4B1A4ACD0668A9157E39E81C80CD7 |
|
CONTENT
ssdeep
|
192:Q26lccVzWeu31iy9zlccVzWeuXhk1rWTJBaKBsFnMgr7r6kleRLvCwh0jwg9:QCcFWL3kykcFWLxk1rWTJpmMljRL80O |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b5144a5a96b6b54b |
|
VISUAL
aHash
|
4242c7c7c7c7c042 |
|
VISUAL
dHash
|
949696961696928e |
|
VISUAL
wHash
|
4242c7c7c7c7c3e2 |
|
VISUAL
colorHash
|
38000000007 |
|
VISUAL
cropResistant
|
8e8e3a2292333386,949696961696928e |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 151 techniques to evade detection by security scanners and make reverse engineering more difficult.