Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T119636BB9B485F51342F3809261BF6A07B37D410F680D4470E258DACBB6E4C5AA1ABBD9 |
|
CONTENT
ssdeep
|
768:4GT0TQH7YFQ9UUmmES5jE356zMngQf09l87GmZSINVFXEhVzc+b42NB2jIGrTnzH:4qmm25FA9hmZSINVFXEfzQ2N0msQw |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c9edd616324d4536 |
|
VISUAL
aHash
|
fffffbf900000000 |
|
VISUAL
dHash
|
92527233cde0e0c8 |
|
VISUAL
wHash
|
fffffbfb04080000 |
|
VISUAL
colorHash
|
1b003000180 |
|
VISUAL
cropResistant
|
0212529272727263,826c94949494cc22,1272730aedc0e0c8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 36 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)