Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16F311235C800062E972692E1FE4DBE2EC9E7C557D623655064FE01BE8BBCF98D0AD508 |
|
CONTENT
ssdeep
|
48:TYcghcycycnCcYSchcyjQ4052sl+ho2fPRx9WfqC:TYZrHwCnSktjQ4C2EuXMV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cec73139cec63131 |
|
VISUAL
aHash
|
00382c3c3c1c1800 |
|
VISUAL
dHash
|
10604860f0702020 |
|
VISUAL
wHash
|
003c7c7e7e3e3c18 |
|
VISUAL
colorHash
|
380000001c0 |
|
VISUAL
cropResistant
|
10604860f0702020 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.