Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A422423CE280B93B41A382C59B256757A286CD86CE23274A36FDD71D8FD6E4ECC21534 |
|
CONTENT
ssdeep
|
192:gGa4/eW9epR2tmbRAsTKE81515VTK+IrTHyIGbwHDH7Rhh:+utmbRA9E8b3NKbiIDT7Rhh |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ee90916e6e6a6991 |
|
VISUAL
aHash
|
fffff1f1f1f1ffff |
|
VISUAL
dHash
|
4930c3232763e570 |
|
VISUAL
wHash
|
a0fef19111313f1e |
|
VISUAL
colorHash
|
06000400088 |
|
VISUAL
cropResistant
|
4930c3232763e570,6df17373732b8ef0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 7 techniques to evade detection by security scanners and make reverse engineering more difficult.