Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11BF285916902B47E573789C1F2BA571E228549C8EFD787E1E3F812AD1B8AC05F4D34AC |
|
CONTENT
ssdeep
|
768:zlJoQwG+/Nubi0/c2QdYtzYXA+WwjZavXA+Wwj3OMXA+WwjDXwXA+Wwj84/wxR1R:5JoQK/8/zQYZKY |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a996f1962d865956 |
|
VISUAL
aHash
|
ffff00000000ffe3 |
|
VISUAL
dHash
|
161ef0f2f230081b |
|
VISUAL
wHash
|
ffff00000008fff7 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
02208686205e18a0,320c0e17000b1b1b,f0f0f9f2f6f17032,2d0c0d0c1d1d1f5b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 33 techniques to evade detection by security scanners and make reverse engineering more difficult.