Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C31212F0D051ED3B476681D5A7B23B1F76E1C345CB020E6463F853AE5BCACA1CA22599 |
|
CONTENT
ssdeep
|
192:QLCgzYFfhKM28iCEmkEACSkEhChMlOlI8F:QLH2KH1CEBExFEkmlOy8F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8b78b46ccdb482ea |
|
VISUAL
aHash
|
ff001c3c3818dfff |
|
VISUAL
dHash
|
1769f971616936c0 |
|
VISUAL
wHash
|
ff00083c38381fff |
|
VISUAL
colorHash
|
07000019080 |
|
VISUAL
cropResistant
|
579769f9f9616969,ca5672ba9999cc8e,e20040008000d0d0,e979f9e961696972 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.