Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T137937322D3621903907BD5D8B1664B093392878DCB134BB567FC17BAFACDCB63612398 |
|
CONTENT
ssdeep
|
1536:GJz78ADeegeeeNXeSeebVPUgOq61eC+hgx7SeSkeekmTeadGC0TnXxK8wpYLeeOV:GF1PPUgOq6pGup82/ZmQ9k222I22222D |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d3cc4e691297c54d |
|
VISUAL
aHash
|
3c727e6c44466444 |
|
VISUAL
dHash
|
e1a6e0d8888ac888 |
|
VISUAL
wHash
|
7c777e4646464646 |
|
VISUAL
colorHash
|
02200030000 |
|
VISUAL
cropResistant
|
41564e64514e6c45,c1a6e0988a9a8888,e1a6e0d8888ac888,04c836f815152d29,b8a104c8b0869cb8,d7693248cccc442c,3764677363686931,b8e0240880a08686,97c4693371f1e1e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.