Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T199835E30A461E93B01DFB5C4A632172AA2EA8345C64307D9F6F8C7AA4FDFC68DD23554 |
|
CONTENT
ssdeep
|
1536:ToXN+Iseee3eee1eee1eeeOeee1eee1eeekeeeWeeefeeefeeey+Cty1NB7sIxga:Toy1r87u |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd679832c967a8c9 |
|
VISUAL
aHash
|
830030303000183c |
|
VISUAL
dHash
|
1bccc0c5c030f0f1 |
|
VISUAL
wHash
|
ff3e787030183c3c |
|
VISUAL
colorHash
|
30007000200 |
|
VISUAL
cropResistant
|
42020a1a0c1a2212,1bccc0c5c030f0f1 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 52 techniques to evade detection by security scanners and make reverse engineering more difficult.