Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10CF2FF721582183FDA8791C6FB696B4AE2C6935BC5521D05BBF1874BDFC2E24FC1A230 |
|
CONTENT
ssdeep
|
768:YtefuQSVG8VJhy9NrzGNt9Zs+GPTnZwbbQNKh2p+ohCyoxaSrE0X1Xmh2fld1ClT:Ytef/SD8wvw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec93936c6a2f0393 |
|
VISUAL
aHash
|
01fffff1f1f1f1ff |
|
VISUAL
dHash
|
7b00452327232398 |
|
VISUAL
wHash
|
00fffd818191b0fe |
|
VISUAL
colorHash
|
060002001c0 |
|
VISUAL
cropResistant
|
6918272327232398,fffffff3f3fbffff,f07ae1ec4d414965 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 360 techniques to evade detection by security scanners and make reverse engineering more difficult.