Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17222A7B56214167A12C7C7F1B6A1FB29F2E4C35ACA6BC585B3DD43DA0BCACA5DC80310 |
|
CONTENT
ssdeep
|
192:OnhVnNxPRhdB5dn9Qb9Apr1FYwx8fYoe5AVtAxq1t3bpG4RExoJnel+e51HTL:O7f3dBLm9AZYwxSe5atrpXREyJnel+e3 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c77339c69238c6c5 |
|
VISUAL
aHash
|
80b0200c30310101 |
|
VISUAL
dHash
|
20464a2967671373 |
|
VISUAL
wHash
|
c0f0f0bdf1731b03 |
|
VISUAL
colorHash
|
38000618000 |
|
VISUAL
cropResistant
|
12e41a2f03f000fe,20464a2967671373 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 8 techniques to evade detection by security scanners and make reverse engineering more difficult.