Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B7E14612F440113F0273A9D5F0657F2A65D3F34ECA0AA4129BF942982FFBF6075256BA |
|
CONTENT
ssdeep
|
96:nsDdYRr7OLsrSb9otEAk1fOYV1fdFST2STwMFPrMV+p/2m++Tq/:nsDdYRr7OLsrEAAfzHfC/XFli+M |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b20fe48e7b09f415 |
|
VISUAL
aHash
|
0707070707070707 |
|
VISUAL
dHash
|
cccdcc0d0dcccd8d |
|
VISUAL
wHash
|
0f070f0f0f0f0fc7 |
|
VISUAL
colorHash
|
03400038000 |
|
VISUAL
cropResistant
|
e0e4ecececccccc8,a1b2a09686a0a0a0,c01829a8a8a8d6c4,fefef8c0c8e0f0f8,e0f0a08212e0e2e0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)