Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T158922FF193599E3FB15346E5D36AB33B31A1824BEA8A226586FE43B452C1D4CFD33480 |
|
CONTENT
ssdeep
|
192:0bSDBGc81+hxxhrb+UDUorhvdTUo3mZCf3HQpoWCpZv:2+hxidorIo2ZCfTfpx |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e6664e9999992699 |
|
VISUAL
aHash
|
e7e7e7efe7e7ffff |
|
VISUAL
dHash
|
4d4d4d0c4c4d000c |
|
VISUAL
wHash
|
00c3c3c30000243c |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
4d4d4d0c4c4d000c,86a6828480908808 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 57 techniques to evade detection by security scanners and make reverse engineering more difficult.