Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T170E22A819BE9783D429653C9E71CAB14D2D78328FF0258AC67D893262BC0D5ED1F360E |
|
CONTENT
ssdeep
|
384:kHX+7Y6OqnhUhEaeT5hvq2kJRuKftdfbtvJctgUltUOKtXCItJPrt+Q:IX+E6OqhyveXiDnbFxhxAhDzuycZxl |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b030cdcf9c8ccdc3 |
|
VISUAL
aHash
|
d3c3c787c7ffffff |
|
VISUAL
dHash
|
330f1e3d0c3a3e1c |
|
VISUAL
wHash
|
8183838787c7c7cf |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
330f1e3d0c3a3e1c,0000241292920c00,699696e9b9998660,e3dbdadcb9a5c434 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.