Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T191513217A191B0050A19625EFC63E3EDD3134489FC250A86E5F9C02EA9F14D5CC27E8F |
|
CONTENT
ssdeep
|
48:Pz9j2SVgUCLa4yLbSK9py73ktiO8C6gAoEGXPljJ6di:Ppj2naeK9073GiOinxSsI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
984d4d38b3b6e326 |
|
VISUAL
aHash
|
000000ffffffffff |
|
VISUAL
dHash
|
32b2301030b0b838 |
|
VISUAL
wHash
|
0000008fdfdf9fdf |
|
VISUAL
colorHash
|
17000000e00 |
|
VISUAL
cropResistant
|
709c38b0b830b830,200cb23214b2324c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 11 techniques to evade detection by security scanners and make reverse engineering more difficult.