Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T174D31D91A4E6593B003BA2C3F96A1F2526D2928EE41349D357FE57BD4BFDCA0701B80D |
|
CONTENT
ssdeep
|
1536:nMNFloE9kBwzJcATQJTRZOGiQcr2rjl4diuG6Om4r52emmzhC4f2HwueWt8unqv9:0VMLMT975K |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b9394e4e39316c4e |
|
VISUAL
aHash
|
00ffcbcbffffffff |
|
VISUAL
dHash
|
1700961b13020200 |
|
VISUAL
wHash
|
00ffc1c101313133 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
1804161b13020000,000767171707a700 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 11 techniques to evade detection by security scanners and make reverse engineering more difficult.