Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T127A42DE180643C7E059383F9F731EA99B3D29085CF9305905AF8839C9BE5E6AED1B45C |
|
CONTENT
ssdeep
|
3072:Llrl9A7YEhuFLTj+u0xPDOPbK4PoKt9rKd6NKc6FKB63KnP8K7PEKoP4K7PGKFPj:LguFT+uXfH97J+5CM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bec3c99613389669 |
|
VISUAL
aHash
|
ffff878787878381 |
|
VISUAL
dHash
|
2b502f2f2f2c3f3b |
|
VISUAL
wHash
|
ff9d878387878181 |
|
VISUAL
colorHash
|
0f200098000 |
|
VISUAL
cropResistant
|
2b502f2f2f2c3f3b,3332733108509093,ccc65cd49c785b2e |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 61 techniques to evade detection by security scanners and make reverse engineering more difficult.