Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T139A193326048685E519AC692A6F2FB25C399C140C6200D90D19D4FDF6EC5FA4E6F339E |
|
CONTENT
ssdeep
|
96:vnuj1Suj2Gc10aVvUtXXrU0dcIdSUQUtYVEuFAFNQL7:vny4y2Gc10jtPXiFFEQL7 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc75659333cc3299 |
|
VISUAL
aHash
|
001818181c3c3c18 |
|
VISUAL
dHash
|
727032b279617171 |
|
VISUAL
wHash
|
183c3cbe3c3c3c3c |
|
VISUAL
colorHash
|
30000038000 |
|
VISUAL
cropResistant
|
d6def4cc8c888808,ccc9d9e171756647,43702292f2cec6e8,727032b279617171 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.