Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B1831533421935270537C6D430A99B37D2A69E5FFAE70A010EECD7F72BE9CA0745A11A |
|
CONTENT
ssdeep
|
384:sBnGo3vlsbS8PHFNOmzPdkAqHn1WiJm3KWVE8JAV:sHts28PlEmz1MH1WiJm3zVE8o |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
897726c832b7a8ce |
|
VISUAL
aHash
|
0118182059591919 |
|
VISUAL
dHash
|
d571735eb3b33373 |
|
VISUAL
wHash
|
011899aff9d99b19 |
|
VISUAL
colorHash
|
3ae00008000 |
|
VISUAL
cropResistant
|
8200006040000082,820000c0c0800082,c2c0c0e0e8c0c0c2,8000012c1ac10084,00201c9496040000,d571735eb3b33373 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 78 techniques to evade detection by security scanners and make reverse engineering more difficult.