Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T103A39325720236FB80E796F6B3506B5BF3B8C768D657CB4C62E842586BC3C1ACD46319 |
|
CONTENT
ssdeep
|
3072:GHak0XRjblIexz0In+dCr5B5SIoi2jdMpFIKrR7b:2hgb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
edca926c6d1a1aca |
|
VISUAL
aHash
|
fdff9f939393ffff |
|
VISUAL
dHash
|
29c4313236364820 |
|
VISUAL
wHash
|
91ff9183838183fe |
|
VISUAL
colorHash
|
07006040040 |
|
VISUAL
cropResistant
|
29c4313236364820,8cb033c8e8ccf0b5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.