Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13042FD31A898BA3311D7E2E69771A39B73D5C242CE472B1166F5D39D0FC3D6ACC25212 |
|
CONTENT
ssdeep
|
192:uM1NTd7nPmV1CBnNSQXjyHCb2IF92OEE/YLMKHq++Y:D1NTls1OpP24/YLMl+V |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8cd733749893a674 |
|
VISUAL
aHash
|
66003c3c18100001 |
|
VISUAL
dHash
|
dc036971b2318801 |
|
VISUAL
wHash
|
6efffcfc3c180001 |
|
VISUAL
colorHash
|
38000000038 |
|
VISUAL
cropResistant
|
dc036971b2318801 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.