Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A9235B726332B8B843DB91DEF7382956B2D2489DF8CB4554F5C95A8D23C3C812297BB4 |
|
CONTENT
ssdeep
|
768:aP+EsZx8/G8TC4+DawQMcBTwtMcB0w9r82+/9dtZkDieE565TmHEnkvdhfVPqDvQ:aP+EsZ/8TV+DawQMcBTwtMcB0wh82+/l |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cab4b56b1a0bf087 |
|
VISUAL
aHash
|
fffffd1898f8393d |
|
VISUAL
dHash
|
8907313979196969 |
|
VISUAL
wHash
|
fff9f9080808393d |
|
VISUAL
colorHash
|
07000000c00 |
|
VISUAL
cropResistant
|
8907313979196969,2f5747575f321f87,49452bd8c4e45945 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 18 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)