Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16BA3E7B57150AD3B408383E0FF75572FB2E282ADC90A11454AF467A927EECA5FC4734A |
|
CONTENT
ssdeep
|
1536:RWTWXWNeneweseRe7ej+1A9K6jGPcqON6Ff67EomL7HVtWAwkMpMAwkMlcV76gAl:kaGlWFufvV79Vkxcu |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bb4bc933368485b6 |
|
VISUAL
aHash
|
fdf9bf878787ffff |
|
VISUAL
dHash
|
3b3b631c1d1c243c |
|
VISUAL
wHash
|
09899d878787879f |
|
VISUAL
colorHash
|
07007008000 |
|
VISUAL
cropResistant
|
3b3b631c1d1c243c,074c2c23692db63c,06ce0d161273a696,86ce14160633b296,5145456575554541,86c68696b3b296e8,86c606063332b6ea |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.