Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EF235A726732B8A843DB91EEF73C2E45B2C2988DE8C74550F5C95A8D13C3C856297BB4 |
|
CONTENT
ssdeep
|
768:avIy+EsZx8/G8tPRF4QGDawWMjBBMwiMjBBlwZCN2/y9dGDTDiJE56ITmH+LCBlE:avIy+EsZ/8tJOQGDawWMjB6wiMjBzwc6 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
be3b95d466c0c06b |
|
VISUAL
aHash
|
fd81818181ffffff |
|
VISUAL
dHash
|
7d71711555290001 |
|
VISUAL
wHash
|
bd01010000ffffff |
|
VISUAL
colorHash
|
0ee00008000 |
|
VISUAL
cropResistant
|
7d71711555290001,636ac6d6e4bcd8f9,83f03ceb79b4b2aa,d2a28aa73392a2c2,bc3ebaf17134d696 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)