Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CCC2C823890022080261C2F655E2EF5EE69A5342DB431FE65B958F7E3DCC6DEBE7215C |
|
CONTENT
ssdeep
|
768:55+4U4IbOH80FEEIpKi3BEDIy7Iah3soFwkNJQkg:55+4U4MOXEEIFBEcy7IaKoFDa |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ce9acc6c316d3961 |
|
VISUAL
aHash
|
3c3c3c0000183830 |
|
VISUAL
dHash
|
7069687044707060 |
|
VISUAL
wHash
|
3c3c3c3c243c3c3c |
|
VISUAL
colorHash
|
38000e00000 |
|
VISUAL
cropResistant
|
4231c6c6c6c62142,7069687044707060 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.