Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11053B7710285DE3FA527C2E4E5B173252299D25EDBF7425CA66E0377D74BC82EA33280 |
|
CONTENT
ssdeep
|
1536:pkQKw2WPE4z2EtXUWygFJZD5kgcx+6/Xd:pkQVES2o+/N |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d3ecc8b3643311cd |
|
VISUAL
aHash
|
60fd3c00626c2c18 |
|
VISUAL
dHash
|
87e1f129c4d8d8f4 |
|
VISUAL
wHash
|
60fd3c006e7e3c3c |
|
VISUAL
colorHash
|
38401018000 |
|
VISUAL
cropResistant
|
8080405125608080,87e1f129c4d8d8f4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 189678 techniques to evade detection by security scanners and make reverse engineering more difficult.