Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D371212150207E3712A392E4B6E9EB5322EBC31CCF91190807F8C69D1BE6C56FA3B954 |
|
CONTENT
ssdeep
|
96:6Tfy8BVgExdTEn+HMhTFk6ZMhTtk60fbgST7:6TfjgidTEn+HMhTFk6ZMhTtk6qFP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9999336666666666 |
|
VISUAL
aHash
|
1818181800000000 |
|
VISUAL
dHash
|
b2b2b2b214280000 |
|
VISUAL
wHash
|
fcfcfcfc00000000 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
a2b8e2a2b6a89696,b2b2b2b214280000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5 techniques to evade detection by security scanners and make reverse engineering more difficult.