Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T151D133E1C408DD7B471286D9E7F66F57B792C34ACA06154097F883BBABC6C60CB216D8 |
|
CONTENT
ssdeep
|
192:QRAjDQjzeTkGJYMn6ayIM/jR6j98VrcEsjKIMnH3:QRAXuOlaMn6a/M/16jCVrmnMnH3 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b84f473938474739 |
|
VISUAL
aHash
|
00ffffcfcfffffff |
|
VISUAL
dHash
|
84004cbc99986080 |
|
VISUAL
wHash
|
003a23c74d4f1f5f |
|
VISUAL
colorHash
|
07000000c00 |
|
VISUAL
cropResistant
|
40124abc99984080,0000000000000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.