Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T129D1652BD3551B288B720B9C6F3C22FD996E044CA3134BEA2ED4943CD7A098D50797D3 |
|
CONTENT
ssdeep
|
192:amwPCCCrlaC6CwtCoCrY4hMTE0D+yiyGyD5PDwqMM:y7ElalptPoY4yv1GyD57CM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a92bde1a28d21b2f |
|
VISUAL
aHash
|
01030303033fffff |
|
VISUAL
dHash
|
ebc7cf8f877bd8f3 |
|
VISUAL
wHash
|
01030343033fffff |
|
VISUAL
colorHash
|
03001000180 |
|
VISUAL
cropResistant
|
ebc7cf8f877bd8f3,6da6a6bf24989c56,54542bb625225e1e,ccc4809e8e80c4d4,b6e3c3c7c3c7c3fa |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)