Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1C07342F052A5987B5063D3E1AB751B2B73D582ADDE46438217F887BA6FDBC50FC02640 |
| CONTENT ssdeep | 1536:eQ3nyLfeKoBaFmpjs/rYoHJ11xf9ih4SCN:ews//B9So |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | ba49bee441b7c129 |
| VISUAL aHash | ff00080000ffffff |
| VISUAL dHash | f838d8d8d00e2e2e |
| VISUAL wHash | ff00000000ffffff |
| VISUAL colorHash | 07000c00040 |
| VISUAL cropResistant | 002080f0f0800079,1e2f2f3e1e2e2e2e,e0e0f0f0f0f0f0f0,393838d8d8d89890,d3f0f0f0f0f08eac,68f8f8fdfdf8d6d3 |

The victim enters a username and password into a fake login form. The credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.