Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16192A93BF25A0A569AEF87E2F5526AF0D09FC66DD7C30668E3F481F027D5C401A49E60 |
|
CONTENT
ssdeep
|
192:NW50VnYerdUkjFOw5i8979TN9u29nvuBVgRpzKPVhl9OdmV:NfY2jFOw5iw5TXRnvuB2Bobl91 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
93336c6d4ec2d13c |
|
VISUAL
aHash
|
000c6e6c0c4c043c |
|
VISUAL
dHash
|
c2d8c8c8d0d8ccdc |
|
VISUAL
wHash
|
000e6e7e2e6c7e3c |
|
VISUAL
colorHash
|
30000000180 |
|
VISUAL
cropResistant
|
a46424322622c884,c2d8c8c8d0d8ccdc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 16 techniques to evade detection by security scanners and make reverse engineering more difficult.