Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12C91A5726084A41F1551C3D1A0DAB7679699C259DB204F70E2B40FEAF9C8FF5FA7209C |
|
CONTENT
ssdeep
|
96:LaXAIM4FAlRj06p3lydUt3G4SJSJSJSmFSJSJSJSPdnYHyGkiTf:9IRAlt0JydGx444m0444PdY9kiTf |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc3299cd8e33cc99 |
|
VISUAL
aHash
|
000000001818183c |
|
VISUAL
dHash
|
00002000b2b230b2 |
|
VISUAL
wHash
|
ff0000003c3c3c3c |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
00002000b2b230b2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.