Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12941A8302141B0375733F767BC104F2DA51283A98E1614246AF43BE96AE5CF18C295DE |
|
CONTENT
ssdeep
|
48:vEE1j1pupFxncQ7C1Ftv+QbwS5jbvxb++Ghd:MqPu0h+QUS5x61j |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c81e36e10d6e9ce3 |
|
VISUAL
aHash
|
001c1c187878e040 |
|
VISUAL
dHash
|
307870f0d0928d9f |
|
VISUAL
wHash
|
0c3c3c3e7cfce841 |
|
VISUAL
colorHash
|
38007000000 |
|
VISUAL
cropResistant
|
9ecce472b1d8cc96,307870f0d0928d9f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.