Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1781233E0D411EE37470385D9A7F56B0B7391C749CF020A4093F883ABA7CACA0DB2569D |
|
CONTENT
ssdeep
|
192:QKlJZzeSe8ib0vyYM/DoRy7Xxy3ZAHS35z/iZi:QKlDNe1b0vLM/DocdWZAHS3tiZi |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e76398649898679b |
|
VISUAL
aHash
|
ffe1e1e1e1e1ffff |
|
VISUAL
dHash
|
80cb0b4b4b8f8780 |
|
VISUAL
wHash
|
7f6101612161617f |
|
VISUAL
colorHash
|
06000000038 |
|
VISUAL
cropResistant
|
80cb0b4b4b8f8780,edb3f170fbfdffff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 55 techniques to evade detection by security scanners and make reverse engineering more difficult.