Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T179F3EAA5BA837922110F8BCF512B711CE1A181C8DA9379C1EAF08754D57BE92B7F3349 |
|
CONTENT
ssdeep
|
1536:wFUoQe1QDIqvA46W9pNgQe/B5R2GjmWN/wf3NthlCIeGJtzFWHRkATWLHJKOUg:wFlove/B5RxN/wf3XhlCIeGfzFmrKI0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
edcd92923ec3129c |
|
VISUAL
aHash
|
ffd3f3f18383ff81 |
|
VISUAL
dHash
|
38333723333b2733 |
|
VISUAL
wHash
|
ff9191d18181ff81 |
|
VISUAL
colorHash
|
06001010001 |
|
VISUAL
cropResistant
|
38333723333b2733,232b0e1c1c4c2969,1beda5d1b3b39109,0428793131310428,002032b2b2b20c10 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 936 techniques to evade detection by security scanners and make reverse engineering more difficult.