Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DD13843591486A3EB5178BD9EB76333E62BB92CAE55B0114D3BC036887C3DC9EC17548 |
|
CONTENT
ssdeep
|
768:R/vV5fzHJWE/KKmZ7NaRZwhJ4Tu6ddDf+CgmlU5ki0IaV7NG:tWN+ZqJOu6ddDf+CgmlU5ki2NG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ed599216696d9293 |
|
VISUAL
aHash
|
009cd991f1bfffff |
|
VISUAL
dHash
|
63383333332667ce |
|
VISUAL
wHash
|
00dc819191973fff |
|
VISUAL
colorHash
|
06000000038 |
|
VISUAL
cropResistant
|
04896b2b2bcb00f0,38333333272666ec,f0f0e0f0f4f0f0f0,2161101141594943 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.