Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12373B5F8036697F79183DBF0B662FB6B61989758DA63E20953EC815A3BCBC44CD40790 |
|
CONTENT
ssdeep
|
1536:7ol/9snfMjFa0p6NjA2rsGHBGOq+2U23DSnh59snfMjFa0p6NjA2rsGHBGOq+2UG:4/9snfMjFa0p6NjTrsGHBGOqZf3DSnhd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
dad86072dac8e62d |
|
VISUAL
aHash
|
c000bcbdff240000 |
|
VISUAL
dHash
|
a5b16068684c1208 |
|
VISUAL
wHash
|
c000ffffffe70000 |
|
VISUAL
colorHash
|
000000001c0 |
|
VISUAL
cropResistant
|
04fb9254d4d6974b,cbaba9eadec61626,2dea92d2ae8e3604,5a6a66b666b5b535,5a6a66b466a4b575,291917c6d6d6c440,9616186871cc4c0c,a5b16068684c1208 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)