Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C0A20971B0206C3B81DB89FEF235E9011B68E244D34B5B75F9AC83DD18D6C1CE923669 |
|
CONTENT
ssdeep
|
384:q8OJtjW72eoWrLZvhJnW8PDsDvp+53GH+oG:qfJtUo29LsDh+53g+oG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
87535ccc4c33736c |
|
VISUAL
aHash
|
00102f2f3737777f |
|
VISUAL
dHash
|
88e4cadbe5eee6e4 |
|
VISUAL
wHash
|
00002b3f373f3777 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
88e4cadbe5eee6e4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 107 techniques to evade detection by security scanners and make reverse engineering more difficult.