Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15A21323150248DA3C25695E5BBB2BE0D3959A7D6F3C32B1616D8938C1DDFE63DF10284 |
|
CONTENT
ssdeep
|
24:hR9LxyMGFms3jWnAGnbr4iRtEjyKWGY2eba4COTN9+k12Rou/Fa:TNL1s3KnFfHRtE2/GfMhCIH+Rouk |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cce66639994c1973 |
|
VISUAL
aHash
|
d0d098bc98988000 |
|
VISUAL
dHash
|
27073133333323b3 |
|
VISUAL
wHash
|
f0f0f8fdb998d010 |
|
VISUAL
colorHash
|
06e00000000 |
|
VISUAL
cropResistant
|
27073133333323b3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.