Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C662DC7191618C3F84A7D2D592392F2BE2C2828ACE53070A63F5879C5FEBD45DEE2650 |
|
CONTENT
ssdeep
|
192:+7wA/9MJMUGucDqQ8fwqLGue9ls9dc9RK9NW9iS9Oj9809VL92:+neBE |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9f621fa19595d056 |
|
VISUAL
aHash
|
3920e0ffffff9f9f |
|
VISUAL
dHash
|
716949521999796b |
|
VISUAL
wHash
|
0100e08f9fef8f8f |
|
VISUAL
colorHash
|
07608040000 |
|
VISUAL
cropResistant
|
716949521999796b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.