Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CBD11FA74008083E75334ADCE62A73A620A3B35ECB97090CD69CA37347DDDA7B967C54 |
|
CONTENT
ssdeep
|
96:TLTID1tUbOw7NgXT+9MyMKREmR14kj82SaJ/EkETh+hvb5oLG:XTG1tUbB7KY6KzfLf/EkETh+h+G |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c6c639399331ccc7 |
|
VISUAL
aHash
|
003030383c300000 |
|
VISUAL
dHash
|
9a65656161e46640 |
|
VISUAL
wHash
|
007c7e7e7e7e7000 |
|
VISUAL
colorHash
|
31200038040 |
|
VISUAL
cropResistant
|
424c8c969e3c803c,9a65656161e46640 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.