Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1774194195194CC669AD1EAF5B7A1AF0A32AAC3A183451A006FCEB3EE29C5980CF10295 |
|
CONTENT
ssdeep
|
24:h6CxiFXtvFfQcBdYCnuomIitOnEes8WWYtBhcvRrbn63pHankFV4ouwJxpE:MFdvFfLdu8iknFs8WfX+5T6NfVlJ0 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8e7897c331c734cc |
|
VISUAL
aHash
|
00181800003e3e3f |
|
VISUAL
dHash
|
7fb3b2753f796969 |
|
VISUAL
wHash
|
031f1f01013f3f3f |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
a2aa8ad2aab28e8e,7fb3b2753f796969 |
Fake NetCredit login page with 1 form. Victim enters credentials which are captured and transmitted to attacker's server. Page may impersonate NetCredit official login to appear legitimate.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.