Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T168421031A14568270AA783C8A670A36FB2C6D718CE034B5497F3D71F1FC6EA2DD1969C |
|
CONTENT
ssdeep
|
192:H6h4UJxUqgQsJ3+3q36NKknDLPNSiQbsF6:HkN7sJ3+3q36NKkDLPNSib6 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd86368d3c72c963 |
|
VISUAL
aHash
|
3e3e3c3c38380000 |
|
VISUAL
dHash
|
7464f1f171704d52 |
|
VISUAL
wHash
|
3e3e7c7c3c3c2c20 |
|
VISUAL
colorHash
|
39000018040 |
|
VISUAL
cropResistant
|
f0f4fe6efefefeff,ce49c9bcf1e9cf6a,a2a2a2a2a2a2a2a2,7464f1f171704d52 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.