Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T185F242B39185EC3F4347C1E0A2567B3AE5C1D196FE631206E9EA53DA46DDD90C8221CF |
|
CONTENT
ssdeep
|
768:lnb4QlTrluIls1liTIIals1liwGQcZv7AZ6nIXLVkghPdOVKEmz6E74xo8VAExir:pluIls1liTIIals1liwG1Zv7AZ6nIXL5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
84a8abaab89ba71d |
|
VISUAL
aHash
|
ff303e5e1a263c00 |
|
VISUAL
dHash
|
1fe5e4b0b6cc6064 |
|
VISUAL
wHash
|
ff107e5e1a363c20 |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
0003030303030100,1fe5e4b0b6cc6064 |
Fake Kingroyal login page with 2 forms. Victim enters credentials which are captured and transmitted to attacker's server. Page may impersonate Kingroyal official login to appear legitimate.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.