Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T199E133E0C454EC370753C6D5B7B92B0F7395C345CB520A5863F893AA5BCACA0CA629AD |
|
CONTENT
ssdeep
|
192:QwU4444444444444M7QzH0X1nHCBB4444444444444CGkzChAhyXQ1:QwzQiBzGZsyQ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b3b3138c4e26b339 |
|
VISUAL
aHash
|
efffe7ffffff0000 |
|
VISUAL
dHash
|
080c0c0814000000 |
|
VISUAL
wHash
|
e7c3c7c7c3ff0000 |
|
VISUAL
colorHash
|
07000000000 |
|
VISUAL
cropResistant
|
080c0c0814000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 63 techniques to evade detection by security scanners and make reverse engineering more difficult.