Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11E2283E0D0A4AF37075281D5A7B6BB6B32F6C254CF01094413F893AD5BCADE0CE219A8 |
|
CONTENT
ssdeep
|
192:QDq/qm0z8inscUZuBuZtqzSD46iIo+4V+8F:QDU6BscpOt/46e+T8F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
dc0c76a373a35c8c |
|
VISUAL
aHash
|
a7001000ffffff00 |
|
VISUAL
dHash
|
4db2b23200100000 |
|
VISUAL
wHash
|
f7001000ffffff00 |
|
VISUAL
colorHash
|
06000000e00 |
|
VISUAL
cropResistant
|
280c6c6d6d8c0830,c8001080809080c0,0000000000000000,324db2b2b2b23230,0000002020202020 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 63 techniques to evade detection by security scanners and make reverse engineering more difficult.