Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E571654840058F0E614D3681FE791A8FD0D6C145C71A585CB2FE4D7A1EF9DED88A9EB8 |
|
CONTENT
ssdeep
|
48:bTR0kwJb7ibGmSTn8R81F9cMiuFdwifWiL8un9FfIlchx9FfeFE14mUhTL5AIyMM:xC/Z3Z68YFE16TLGbohC |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b87973279ccc2323 |
|
VISUAL
aHash
|
c0c0c8991b030707 |
|
VISUAL
dHash
|
1e0e333333f7dfdf |
|
VISUAL
wHash
|
c1c3cb9f1f070707 |
|
VISUAL
colorHash
|
380000001c0 |
|
VISUAL
cropResistant
|
1e0e333333f7dfdf |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 19 techniques to evade detection by security scanners and make reverse engineering more difficult.