Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T149E1C876214B187B6007A6FCF0E0F76A4057920DD5BBC484B6DE43A797C2FD6CC62A64 |
|
CONTENT
ssdeep
|
96:d2vRFA1cgx+M73sQ8egsBPb46Kq+gnsXinBQpf4k5bxEkn2oiAyDgjDiRDgtI770:Avw1Nshi2inypf4WxE/NAyEjORZ7709 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ccf872e670c8e272 |
|
VISUAL
aHash
|
40181818383c3800 |
|
VISUAL
dHash
|
8030b03060607010 |
|
VISUAL
wHash
|
c018183c3c3c3cff |
|
VISUAL
colorHash
|
38000c00001 |
|
VISUAL
cropResistant
|
8030b03060607010 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.