Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19013B73523842B3E9A17CBA8F6B0B338926ED29CD6379559F2ED017217C7C49D933294 |
|
CONTENT
ssdeep
|
768:hb4a6oC/YzJafYIht43QOYrdV+EFVgVQYw6YUXKo23UkaNcFK:hb4C3igHkgc0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8c9d24373636b3cc |
|
VISUAL
aHash
|
02383c3c3c3c1010 |
|
VISUAL
dHash
|
84f070f0f0d8f0e1 |
|
VISUAL
wHash
|
027e7f7e7e3c1010 |
|
VISUAL
colorHash
|
3803a000000 |
|
VISUAL
cropResistant
|
84f070f0f0d8f0e1 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.