Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D65165B79005DC2A2E61C9F4DDD6F20C9E628DA5C24F2BC181E8D76E3AD5EB0C01229C |
|
CONTENT
ssdeep
|
48:vHRf0Jv7lADIa4jxe4tRa4jtn4hdQTitC4Q0MsVDT3cmX2YX:vRu2hBti0M4v |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f7777f5d19090022 |
|
VISUAL
aHash
|
0000ffffffffffff |
|
VISUAL
dHash
|
504c2c0000000000 |
|
VISUAL
wHash
|
000000fff0f0f0f0 |
|
VISUAL
colorHash
|
07007000000 |
|
VISUAL
cropResistant
|
504c2c0000000000,0000000000000000 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 9 techniques to evade detection by security scanners and make reverse engineering more difficult.