Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AEA201649249D43BB0B341D1D5237E6F72E6434CCF450948A6F81BB86B9BC8BFCE2958 |
|
CONTENT
ssdeep
|
384:/w5cwjWxGLbIIay1M0Z0XM4MNiliephJxC:e3rLbII71M0WM4MEsShJI |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3e67c393892c6c6 |
|
VISUAL
aHash
|
c4f0747d63203501 |
|
VISUAL
dHash
|
84c2c9c9c7d6c571 |
|
VISUAL
wHash
|
e4f0f47d63013d19 |
|
VISUAL
colorHash
|
38006000040 |
|
VISUAL
cropResistant
|
84c2c9c9c7d6c571 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 25 techniques to evade detection by security scanners and make reverse engineering more difficult.