Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A09308F2E2D8EDB9F113A7D4F09066170293127ADB4BC9C8D76C85B4A7D2C8A0D375A1 |
|
CONTENT
ssdeep
|
768:DiW2p2sH18ueS5W5b5oXEANl/J0Ff+KNM7aeW0Aoo/rtJxjH//C0VhTAeArd5:QEANOzhTAeArd5 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ad05769238466dde |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
bfe7d6d73b1b2c2f |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
03000e00008 |
|
VISUAL
cropResistant
|
f7c6d6d73b1b2c2b,dcf7f7c3d6d6d6d7,1536372b0f1c1d8e,7fffffffffffffff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)