Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T166037421D8805B1A5A6791A0AF61C33F635442CAF24B8BE573F1C272BCCD9E0DC79759 |
|
CONTENT
ssdeep
|
384:SM3esywo6lGIYW/oENNN5mr9++3u3TGG+ln2gQ6OBB18z6Lk:SM3FfSmV/+e3aETPW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8c27b38ca6b38ea6 |
|
VISUAL
aHash
|
0f0018181818183c |
|
VISUAL
dHash
|
fff0697132b23271 |
|
VISUAL
wHash
|
7f7c3c3c3838183c |
|
VISUAL
colorHash
|
30000000c41 |
|
VISUAL
cropResistant
|
62771d39b927676b,fff0697132b23271 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.