Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10653B76823501B7D50C787B0FBA1BB3EA278D2C6EA27555DE2FD81261787C0DCD636A0 |
|
CONTENT
ssdeep
|
768:n62BowNTw/uwEJFjo31TCFaJkD4J0pvRKn46gs1FLHRWRFA0Tvn6q:n6+PR36goHRWRF7Oq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
93ec6c9293c3ec68 |
|
VISUAL
aHash
|
ff00002e0e0e0c00 |
|
VISUAL
dHash
|
63ecc7d8dcd8d8c3 |
|
VISUAL
wHash
|
ff04747e1e1e6e00 |
|
VISUAL
colorHash
|
01001000180 |
|
VISUAL
cropResistant
|
ff00536b6b7300ec,9696ea9a711669e8,ffffbfe6c6e6ffff,eccdccd8dcd8d8d7 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 24 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)