Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10C53C073E215091564F2C2C8B132EFEA52814749D76B4730BA694637FCCFDB26A942CE |
|
CONTENT
ssdeep
|
1536:JwfPoeQTwqtv4mk+5x5W4n5Kk5abn5Bk52Wfn54k5GEn56k576nY1q5K5l3T/xw2:JwfPoeagZruB0fiFywcQb9Aay+j |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
dff70381834963d1 |
|
VISUAL
aHash
|
ffffffffff000000 |
|
VISUAL
dHash
|
5060044008627071 |
|
VISUAL
wHash
|
fffff0f020000000 |
|
VISUAL
colorHash
|
07000000c00 |
|
VISUAL
cropResistant
|
d6cce845c696e871,808180808080a00c,d89e84e87bea8ce6,5060044008627071 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 271 techniques to evade detection by security scanners and make reverse engineering more difficult.