Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14CF242B101691BBB31774BD57A2BB7027191920ACE1B15D5F2FAC39F77CAE50ACA1302 |
|
CONTENT
ssdeep
|
768:ZRT9BvXtAhCgrXKsvKCXPzSKrMLBiBgf6:ZRT9Bv9AQ6XKCmKANXf6 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c716b934e9b06b86 |
|
VISUAL
aHash
|
003070707020ffff |
|
VISUAL
dHash
|
9ce5e0c1e0c21403 |
|
VISUAL
wHash
|
007078707070ffff |
|
VISUAL
colorHash
|
1a007000000 |
|
VISUAL
cropResistant
|
26223e921b323050,0000132423232323,dcc7e4c0c1e0c2c4,4541414141493533 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.