Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16A52A42095857A3B06B213805B93F71EE3C161C1E1370EC9D6FD878A8A8ADF4DD3665B |
|
CONTENT
ssdeep
|
192:SjE3q44CCXstERq/qRoNFyGmasZs6wkMS2H47Lx+hP5CAj7LnFS3NjR:G44CwsOq/qRYFy34dSz3xq5BHFmFR |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99a4669db7249d31 |
|
VISUAL
aHash
|
3c3c181818183824 |
|
VISUAL
dHash
|
e871b2b2b2b2f0c8 |
|
VISUAL
wHash
|
7e3c183c3c187c7c |
|
VISUAL
colorHash
|
30000208008 |
|
VISUAL
cropResistant
|
86553337199d8e8a,e871b2b2b2b2f0c8,470303938eca5242 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.