Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18EE1A877A35040EE424F8BF8F1527A7C922ED14FC88798A0B2BD03DE56D1E65D7A1252 |
|
CONTENT
ssdeep
|
96:T/aXz+IDwxxqatOmpzxxqatOmguexxqatO/uP+P:baXBDIxZp9xZguCx+ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99e666d939644c99 |
|
VISUAL
aHash
|
183c181818181818 |
|
VISUAL
dHash
|
3071b2b2b2b23232 |
|
VISUAL
wHash
|
183c38383c3c3c3c |
|
VISUAL
colorHash
|
07000000580 |
|
VISUAL
cropResistant
|
936626b2a2b2924c,3071b2b2b2b23232 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 40 techniques to evade detection by security scanners and make reverse engineering more difficult.