Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19AD3852012001E3E914383ECE3E5B739A3AE82D1DB1F8E4DA7B943515697C69DD6B3D8 |
|
CONTENT
ssdeep
|
3072:k318nc32SYtDwGyfynDA5IW1tmagf3lshnBc2cx:h5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
eeee1513cb10b46a |
|
VISUAL
aHash
|
fffbf1f1f1f900fe |
|
VISUAL
dHash
|
3a63276763a3e802 |
|
VISUAL
wHash
|
fff1f1f1b1f10000 |
|
VISUAL
colorHash
|
06000008038 |
|
VISUAL
cropResistant
|
2aa3272727616386,0002020202120e0a,cc9b2b6360646745,0000a8aaaaaa0100 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.