Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13BB20FB02517346A55B341E3E0555F0498F39BB6F7292D38EBB516289BC8CF02B473B2 |
|
CONTENT
ssdeep
|
384:Pdwf7uOTlX3whrG+znZzZgTjosop1NNYd8LybxFPrvfATNHZDLwQe7I8Ars747+4:+f7uOTlX3whrGcZzZgTjosop1NNYd8LN |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
99646699666699dc |
|
VISUAL
aHash
|
0000181818180000 |
|
VISUAL
dHash
|
0008303232320c10 |
|
VISUAL
wHash
|
009ad83cf9bcd9d1 |
|
VISUAL
colorHash
|
38001000180 |
|
VISUAL
cropResistant
|
0008303232320c10 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 133 techniques to evade detection by security scanners and make reverse engineering more difficult.