Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F6C16322530025098743E888E993EF0FD32AC706D14A65F969E911DED6CE5E58DF33DE |
|
CONTENT
ssdeep
|
96:TGqJKb/szvL/bAFJ0SOYSXYLmGjpe/RphbwM3:PQb/szvL/b6J03Y4YLmG4/RnbwM3 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
88dd237388dd2373 |
|
VISUAL
aHash
|
0000181818180001 |
|
VISUAL
dHash
|
100010b230100003 |
|
VISUAL
wHash
|
0c0c3c3c3c3c0303 |
|
VISUAL
colorHash
|
38006000080 |
|
VISUAL
cropResistant
|
100010b230100003 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.