Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AEF2099423F893F0E006FFF996722426775E18FA2F51D5A1C3E19E91C89686C8D65CC3 |
|
CONTENT
ssdeep
|
768:i+5J8er0tZzxBvsKWJyjpXz+tk/Sub88er0tZzxB4:b6dXHvsKWmXzU+ddXH4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b4714b6c591b6473 |
|
VISUAL
aHash
|
00ffffffffffffff |
|
VISUAL
dHash
|
930c9c1884566885 |
|
VISUAL
wHash
|
0007c7cfc7c212ff |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
c09c940896566882,0080639393630000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.