Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T102D21AE4274450A52293C7E4E0B25BA872D6F36FC7228154E3E40BB98BC6EFCDD459C2 |
|
CONTENT
ssdeep
|
384:x2ApYUznEEqp1mRor5cGr89bCCNyocDz4skv3dV9cU:RpdzEXAerusDz4p9cU |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c6b19eb8c3c7b098 |
|
VISUAL
aHash
|
ff00707040003030 |
|
VISUAL
dHash
|
ae00c2c280a06464 |
|
VISUAL
wHash
|
ff00737370f07078 |
|
VISUAL
colorHash
|
30000038000 |
|
VISUAL
cropResistant
|
0000002070696004,204c991a1a995d01,8e82c2c280a06464 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 486 techniques to evade detection by security scanners and make reverse engineering more difficult.