Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T149224572B2D0246A2147CAD4F5A2F7BD75BFC30ACB034974D1E827BA17CACE59861294 |
|
CONTENT
ssdeep
|
192:SsUDxSwLR+yOH8cYKS8cYKq8cYK8C9Q7e9:STV19+pH8cYKS8cYKq8cYKS7e9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a666379999998d26 |
|
VISUAL
aHash
|
ffe7e7ffffe7e7ff |
|
VISUAL
dHash
|
b24d4d32324d4d30 |
|
VISUAL
wHash
|
7f27273f1c040400 |
|
VISUAL
colorHash
|
07000000038 |
|
VISUAL
cropResistant
|
b24d4d32324d4d30,6186939393966182 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 19 techniques to evade detection by security scanners and make reverse engineering more difficult.