Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DDD258353251693FF6634AF57221BBB960AAD31DDE9FC618E2FC02A107CDCC5AA13524 |
|
CONTENT
ssdeep
|
384:dIAKR7Hf9Z/M8ZeTZe1LSaSS4SJSvSjSZSmPS+SaSS4SJSvSjSZSmPSevmyuVu8s:CAKZz/9u02LdK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cccccc3333ccce8c |
|
VISUAL
aHash
|
1c18381808081818 |
|
VISUAL
dHash
|
f0f0b0f0f8f0b2b0 |
|
VISUAL
wHash
|
7e7e7e3c3c181818 |
|
VISUAL
colorHash
|
38400010001 |
|
VISUAL
cropResistant
|
8000000616000080,f0f0b0f0f8f0b2b0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.