Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T134636BB9B484F61342F380D361BF6A03B37D440F640D4470E258DACEB6E4C5AA1ABBD9 |
|
CONTENT
ssdeep
|
768:43T0TQH7YFQ9UMOk8S5jE356zMngQf09l87GzTDIveiGHPVzc+b42NB2jIGrTnzH:4tOk+5FA9hzTDIveiGHdzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c9edd616324d4536 |
|
VISUAL
aHash
|
fffffbf900000000 |
|
VISUAL
dHash
|
92527233cde0e0c8 |
|
VISUAL
wHash
|
fffffbfb04080000 |
|
VISUAL
colorHash
|
1b003000180 |
|
VISUAL
cropResistant
|
0212529272727263,826c94949494cc22,1272730aedc0e0c8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 37 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)