Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T158638174812C077F605343C4EAE4670AB2A0C286EF561AC5B3F4C35E5AFED16ED22B56 |
|
CONTENT
ssdeep
|
768:zKxsIGYJuGSF1nmNBViyU66UoiytX4lkNAQOIvSmI5I8IVIA2loxtN7:o50vi/Viyl6ftX4lkkmI5I8IVIpmxtF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fcc699c718c73492 |
|
VISUAL
aHash
|
fe83c791d3f1ff0f |
|
VISUAL
dHash
|
8612252725271390 |
|
VISUAL
wHash
|
fe808691c4f0fb0f |
|
VISUAL
colorHash
|
07401000180 |
|
VISUAL
cropResistant
|
8612252725271390 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.