Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CAF131E0C684B63B431281C8B7326F5BB7A2875CDB530D50D3AC971F5BC6DA0EA2258D |
|
CONTENT
ssdeep
|
192:ymTmMjakDjzGvWJfb42L8cSM5v9SS1dmu+Lb:RC8J/GvWJ02L8cL5voS1ou+Lb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b038cece9e329a6c |
|
VISUAL
aHash
|
ffc3c3c3c3ffffff |
|
VISUAL
dHash
|
20968e8e9e012200 |
|
VISUAL
wHash
|
0083c3c3c3c3d3ff |
|
VISUAL
colorHash
|
0e601000040 |
|
VISUAL
cropResistant
|
20968e8e9e012200,0d2d0d8e8cee8eaf |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.