Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19204363832026A6B74BBA6E8F6B0EBDF655DC345D1679915B3E4C1AB3F8ADB1CC05040 |
|
CONTENT
ssdeep
|
768:7SgCykay1m+i8O1GKNScSDa50VOlURtDNrfCcSuP8WbnosuPpCH9vmH119nyp1DL:7SgpvSi6m+Nr4ujisqdk0sr |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c3c63c3d399cc0ce |
|
VISUAL
aHash
|
0070746460601c60 |
|
VISUAL
dHash
|
34cdc5ccc8d4acd0 |
|
VISUAL
wHash
|
4e7c746e6c607e60 |
|
VISUAL
colorHash
|
38000030000 |
|
VISUAL
cropResistant
|
2977de4949c8cd6f,33454d5555455551,29298b8b8bdbdb5b,34cdc5ccc8d4acd0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 5394 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)