Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T194F1A83BC50C23254B620198BA28D7CEE21F904C1BE186993DB4D49C37A6F459771AEF |
|
CONTENT
ssdeep
|
192:EspKwmwT08CbgIocQhRE5DvxVWT21UxFcFw1VAi:EsAfwTKnQhRE5DvxVWCCFcFyVz |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
aa7bd5856ad08e0e |
|
VISUAL
aHash
|
0000000001ffffff |
|
VISUAL
dHash
|
2b99099919d5a017 |
|
VISUAL
wHash
|
00c101c101ffffff |
|
VISUAL
colorHash
|
030000001c0 |
|
VISUAL
cropResistant
|
99699999d5b0a916,0004303232200400,2b9a89899959d5a8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)