Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19B7368231C3E786B048F87A3F2395E47AF5FF681DA22624D93F463592AB7D59CD42200 |
|
CONTENT
ssdeep
|
384:6IC5KAXLpxeLegmb5pjtmwqNgYGvV+VAaLtozl59cLQuv9nrOw/cLaeA9Z/Wvhrn:6IC5Kg5K4VHaLtCl520e9fOIv0H |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b1694ccb9b636c2c |
|
VISUAL
aHash
|
3842c3efffe77e3e |
|
VISUAL
dHash
|
f29496c8c8cccce0 |
|
VISUAL
wHash
|
384242667e667e3e |
|
VISUAL
colorHash
|
07038000000 |
|
VISUAL
cropResistant
|
f29496c8c8cccce0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 111 techniques to evade detection by security scanners and make reverse engineering more difficult.