Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T105622B743080A817A563D1E837AF632E616289D9C95F864CD6D4F0F83EE5C9EC4DB3A4 |
|
CONTENT
ssdeep
|
384:ntmYGj8GYdGVVGDiRaAWj2nvUwXNAfLwUWAuYx6jomrYZJp2/R2vYtF+L:nQNjxYoVAX2vUwXNAzwUWAyWwR2vYt4L |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8a0a0c24f7f5d5d5 |
|
VISUAL
aHash
|
0000ffffffffffff |
|
VISUAL
dHash
|
c671e00d8c100800 |
|
VISUAL
wHash
|
0000000000000000 |
|
VISUAL
colorHash
|
06001008080 |
|
VISUAL
cropResistant
|
0081848484b1cece,6116080c10080000,ce647573b12161f0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 35 techniques to evade detection by security scanners and make reverse engineering more difficult.