Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T141E2C973D1408B3B0283C3D9A5B2FB15E1D1C181EE22158FE3FD43AD9EC5EA66A57614 |
|
CONTENT
ssdeep
|
384:OQGdU4FOe5o2aFTSGPt3uOA9Y9plax5dLSGBnWfvsuLAcPl6DwvD:OldD4ACTl2pBn20M0Dwr |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a5f80ff82583760d |
|
VISUAL
aHash
|
fffff7ffc3c00000 |
|
VISUAL
dHash
|
285616969694d4d4 |
|
VISUAL
wHash
|
fffff3efc2000000 |
|
VISUAL
colorHash
|
00c00018000 |
|
VISUAL
cropResistant
|
085216c6969694d4,1616d696d4d4d4d4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.