Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18E3284D1D064ED3A071285D8B7F66B2B7652C249CF050D4463F843BFA7DEDA1CB21499 |
|
CONTENT
ssdeep
|
192:jaM+OlWsTZjY+nz8rkJIIWdrgrwyPNjXA5h8WBltAXYrfNdp8F:jaMllWsjY+zDJXWVgEWA4afNP8F |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a4669bdb21f88276 |
|
VISUAL
aHash
|
ffe7c3c3c3ffff7f |
|
VISUAL
dHash
|
40040596968e32f0 |
|
VISUAL
wHash
|
27c3c3c3c3818f1f |
|
VISUAL
colorHash
|
07200080003 |
|
VISUAL
cropResistant
|
40040596968e32f0,4f8dcc4f37653102,6c6c345c1e9e4f25 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 81 techniques to evade detection by security scanners and make reverse engineering more difficult.