Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13F319706811C6E3CB9238BD4FF82B335155A01C5E50D1124987947F1A297FA5FC7B5EC |
|
CONTENT
ssdeep
|
24:hRxeCohpw48GLdjojhllJ4uZuRuIXQEai1BLJ9jIsoj4FdmdjojhllJIGL0AlY:Txaw4hcJ8QEaEBYfc8cIP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d8e0673299cd7632 |
|
VISUAL
aHash
|
c0c0d8181c0c1018 |
|
VISUAL
dHash
|
808890b229291230 |
|
VISUAL
wHash
|
e0e0f0fcfc041c3c |
|
VISUAL
colorHash
|
38002038000 |
|
VISUAL
cropResistant
|
808890b229291230 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)