Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17AF17732D250361922D98358FA21C6DE73405262C30A0F6C5F79873FF98C6F5CA3A6A9 |
|
CONTENT
ssdeep
|
192:XFCvn6YhaIChrDrbx9rkidXPwheMaoSK+cJpciiXU9OOG:XanvaRnXx93d9U9O5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bc6d2d38c7c38692 |
|
VISUAL
aHash
|
8181dfffffdfdfff |
|
VISUAL
dHash
|
33332b2b313f3f37 |
|
VISUAL
wHash
|
81818383df8f879f |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
33332b2b313f3f37,ff7faab2b3f9f9ff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.