Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D232D72C6000440BA637DB9DBE81FB4DE5A2B34BCE865590D1FEB36DA7E0EB244550B9 |
|
CONTENT
ssdeep
|
192:zImnL07kyfbyGugKT3hyncjpbb2cyC9jV/ji3bgrh:zI80XfmGugKTcnckFCjVbi3bMh |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cd9916699a1d6ac3 |
|
VISUAL
aHash
|
f8f8f8f8f0f0f0f0 |
|
VISUAL
dHash
|
b292527203236664 |
|
VISUAL
wHash
|
78f8f0f0f0f0f0b0 |
|
VISUAL
colorHash
|
07688000000 |
|
VISUAL
cropResistant
|
cece6c7c00046868,d2f0f4949a386120,f1f1fcf0c080808c,901918181e6c6472 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)