Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T103226073A600CD2A8D9B95CCF6C09989412DC359FB3148CAB1A491FF7BC0DF069993AD |
|
CONTENT
ssdeep
|
192:TC3JIdpsWD6x5wMcnthWeNWbwv4w7VfMmUU8VCoz:zpj+Yv4w7VfMmUFCoz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3a2dc0877e2f609 |
|
VISUAL
aHash
|
ffffe7e700ffffff |
|
VISUAL
dHash
|
0c000c0cd2cc0000 |
|
VISUAL
wHash
|
07070707006f0d0c |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
000c080c104d0c4d,4000000000000000,51083032b2340841,4a01d8caca0149cc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.