Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11AF11172B500FA3742C391E2EB31A76BB3F59197D983031102FC835D9BC6E85DE26469 |
|
CONTENT
ssdeep
|
96:TLu+59gYDH3P73dGUF/nL2hw+M6ESlg6BSUbyK6/SUwk1fQmCSmk:3ukDXb9F/LClIUbpUwG4mHN |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8c9cb33726363393 |
|
VISUAL
aHash
|
0618181818183c3c |
|
VISUAL
dHash
|
543230b460327069 |
|
VISUAL
wHash
|
7e3e3e183c183c3c |
|
VISUAL
colorHash
|
38001000c40 |
|
VISUAL
cropResistant
|
543230b460327069 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.