Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C7A2C7738185F567025383E2AB6F7B2663F35195C2820904B1FC8B68EFD5DB1DC636A2 |
|
CONTENT
ssdeep
|
384:+UGg11W+pbb44bGdiJNo+l1VpLA2zFFrTMbe7q3fhUw94Yw:+UGc1W+5b44bQiJ6+XVpU2zFFrTMigf2 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d96635269996b724 |
|
VISUAL
aHash
|
2618183c18181818 |
|
VISUAL
dHash
|
c433717132713132 |
|
VISUAL
wHash
|
7ed8f8bc983c181c |
|
VISUAL
colorHash
|
380020001c0 |
|
VISUAL
cropResistant
|
c433717132713132 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 19 techniques to evade detection by security scanners and make reverse engineering more difficult.