Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T138123570A104AE33019781E663B3275F72EFC386CA1327455AFA839C07D6CDADD6B691 |
|
CONTENT
ssdeep
|
192:o2DigJLLilqiBk9YWKf7+zrVUfK+IW5HTTy+Jiq45PXqLXfC0:ig1Uqok9YWKTur9z6ztiqKvqLXa0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3e21e3931933ec6 |
|
VISUAL
aHash
|
4470746460247c04 |
|
VISUAL
dHash
|
99c5c4ccc0ccd0d0 |
|
VISUAL
wHash
|
ec75766400747e3c |
|
VISUAL
colorHash
|
38c08000000 |
|
VISUAL
cropResistant
|
99c5c4ccc0ccd0d0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.