Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T118038421A900EE2641DB49C8A533566A63F98345D2130AC8FEB5C3F95BEEC3DDB37148 |
|
CONTENT
ssdeep
|
768:esIx/j6I+/rdztFDBOxfp59NjTHWOpbfYaMq7Uf79F:esIxmI+xztVBOXpbfYoU79F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e94437403f266d3e |
|
VISUAL
aHash
|
00fffbf9f1f98f8f |
|
VISUAL
dHash
|
d47a737333b3181a |
|
VISUAL
wHash
|
00bab9b131f18f8f |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
7a7373b333b3181a,ccdc9b8272727a7a,337355099a590b2b,59dc9373f15d9898 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 110 techniques to evade detection by security scanners and make reverse engineering more difficult.