Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18DD3957012019D3FD4D782A8F768AB6A939CD352DF6B860DD2E883752FC2C55DD262C8 |
|
CONTENT
ssdeep
|
768:+y/ky2hjFY+iYUHBt7b/PhTfHtphOopVLSZY4he0YXoY7lYRWYtJ2aYcYYYw9IYy:+NBcHB8eaIfw/e7 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
887da27f887d2235 |
|
VISUAL
aHash
|
021808181800187f |
|
VISUAL
dHash
|
a63168b2b269b2d4 |
|
VISUAL
wHash
|
42183c3c3c1c3eff |
|
VISUAL
colorHash
|
30001600048 |
|
VISUAL
cropResistant
|
a2a1c1a58dc0a0a0,a63168b2b269b2d4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.