Detailed analysis of captured phishing page
No screenshot available
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A8F3E8377225623E0317C7DEF5662A34F2E3A549CEDA51E8BEF883161392D70A42BD05 |
|
CONTENT
ssdeep
|
1536:+cQ7uAc1S9XJdVnUY/iYZ1nGwmbdNDLHOeOptEYoFXDX7a2/B2Q7aj/B/7ak/Mt7:SG89p2FXDat/pi2Y |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
80f800ff00ff1ff1 |
|
VISUAL
aHash
|
7f7f7f7f3f3f3f3f |
|
VISUAL
dHash
|
808080c0c0c0c0c0 |
|
VISUAL
wHash
|
7070707030303030 |
|
VISUAL
colorHash
|
07000c00018 |
|
VISUAL
cropResistant
|
808080c0c0c0c0c0 |
The phishing kit is designed to capture Banking credentials and one-time passwords (OTPs) in real-time. The 12 form fields suggest multi-stage data collection, likely simulating a bank's login and 2FA process. The OTP stealer component intercepts SMS or authenticator app codes to bypass multi-factor authentication.
Post-credential capture, the kit may initiate session hijacking by injecting malicious JavaScript into the victim's browser. This allows attackers to maintain access to the victim's Banking session even after the initial phishing interaction.
Large JavaScript file with high obfuscation, likely containing credential harvesting and OTP interception logic.
Pages with identical visual appearance (based on perceptual hash)