Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14F54BD234159692A4437C3C03479AB7AD1A6DE8BFAA74A014FEC87F73AFDC50741A21D |
|
CONTENT
ssdeep
|
3072:OwNDaOQPpVlHfQ3mYaJ/LMHm+tZMFO4Y/A:OwNDoxuiGZMcA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
aa5af4f4150c1ed6 |
|
VISUAL
aHash
|
00800001fffffbff |
|
VISUAL
dHash
|
8c4d792be937231c |
|
VISUAL
wHash
|
00800101ffdff3ff |
|
VISUAL
colorHash
|
06002600008 |
|
VISUAL
cropResistant
|
8c4d792be937231c,0134341404505918,8181418191410181,0001010140014100,8382212143439286,2aa9a9446dc4d4d4,5c26e627474d1387 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 31 techniques to evade detection by security scanners and make reverse engineering more difficult.