Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C582DA725168DD7F61E3C2E8E3B5662B33E6D286CA47031147F983AD1ED2D85ED1B090 |
|
CONTENT
ssdeep
|
192:c+Rb3/Z3DCjz6tDGxOHPwIHs24UWITIljPFw9812ZjCmkkrvUNYFoV9zW:Xb3x+jzsP1sayh9u8Qj1kGMYFeW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b9190e663139cece |
|
VISUAL
aHash
|
03073f4bcfffffff |
|
VISUAL
dHash
|
5f58e09018200000 |
|
VISUAL
wHash
|
0100180b0f3fffff |
|
VISUAL
colorHash
|
070002400c0 |
|
VISUAL
cropResistant
|
5f58e09018200000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1 techniques to evade detection by security scanners and make reverse engineering more difficult.