Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1232253726544AEB30593E7E5E371E72F76C2C348CA931786A2F8874C1FC6CAACD51214 |
|
CONTENT
ssdeep
|
192:aH9gKIKP7nXWM3D0tM44vRlqI+RJoTGXzxYp:qjBxcz2p |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9ab865c7671e3838 |
|
VISUAL
aHash
|
3c5cdf1c3c3c3c00 |
|
VISUAL
dHash
|
69b9b17969616900 |
|
VISUAL
wHash
|
3cdcdf1c3c3c3c00 |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
69b9b17969616900 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 22 techniques to evade detection by security scanners and make reverse engineering more difficult.