Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12D127470C255A937A2A3D6E4B6719B2B73C4C242D747173067F9039DE6CED60ED211C6 |
|
CONTENT
ssdeep
|
192:3hA7XpL/z9Na+7Lwwq+mf5Fynl+YX4KCAcG+BJ0t:y9n9HIwZ05FynQLdIt |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9933939333993399 |
|
VISUAL
aHash
|
0c18181818183c00 |
|
VISUAL
dHash
|
2832b2322832b230 |
|
VISUAL
wHash
|
3c183c3c3c3c3c3c |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
0010084c4c100000,2832b2322832b230 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 64 techniques to evade detection by security scanners and make reverse engineering more difficult.