Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1049307F6E3E8A9A0B01367C8F0D07291565B103ADB06CAD8DA7C06B8F3C5C5D4977AA1 |
|
CONTENT
ssdeep
|
768:3iW2pl6kuDS5WQY/J0Ff7Fc66DxGr6YpUciJq6kLrW0:CDc6I+pUciJGLJ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c7843b3b3a3cc564 |
|
VISUAL
aHash
|
007c7e3e0c7c0038 |
|
VISUAL
dHash
|
74e0e4f4f8d0c0c0 |
|
VISUAL
wHash
|
007e7e7e387c3838 |
|
VISUAL
colorHash
|
300006c8000 |
|
VISUAL
cropResistant
|
43d65ab2f8fefdf9,74e0e4f4f8d0c0c0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.