Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T119F26021B900EE2641CB59C8A673566963F98356C2121AD8FEB5C3F94BEEC7CCB37444 |
|
CONTENT
ssdeep
|
768:osIx/j0rgRGUta8z3zDBOxfp59NjTHWOpbfYqMRUf79F:osIx4rgkX8z3fBOXpbfYw79F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed13126d67323693 |
|
VISUAL
aHash
|
00faffd3f1d1fbff |
|
VISUAL
dHash
|
ccd21212a3333204 |
|
VISUAL
wHash
|
003adac31111fbff |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
d21212b323335204,24cccbd82418c5c0,3373510b9a59233b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 95 techniques to evade detection by security scanners and make reverse engineering more difficult.