Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14E031C72B059B15D12459B81D9B0F3ABCB42C905DFF00E46D8528F8AFD46BB1B9B231E |
|
CONTENT
ssdeep
|
768:hV4FIZ42wWspvMso4EfAtYCH0eCvwpwe4o4h4o4DR4Z:kFIZ42wWspvMso4EfAtYCH0eCvwpwe4D |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
84b13d1fca686ace |
|
VISUAL
aHash
|
007fffffff00001f |
|
VISUAL
dHash
|
92d6cc846555f0ae |
|
VISUAL
wHash
|
004fffffff00001c |
|
VISUAL
colorHash
|
11200048018 |
|
VISUAL
cropResistant
|
c2c069cc6a3b31e3,6d6cacd8c09dd1c0,409c99999d98c4f8,d5d5c4f2ed66670e,ad1f5f6e67e373f4,8e862622aab03079,8282800101014545,92d6cc846555f0ae |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)