Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12E9308F6E6D4E975F013A7D4F0D06216031B123AEB4B89C8EBAC41E5A7D6C8E0D37592 |
|
CONTENT
ssdeep
|
768:/iW2p2sH18uNS5W5b5oXiANb/J0Ff+Wv67QckuC66XRXbTZFNNqEghT444ZTX:jiANsehT444ZTX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ad05769238466dde |
|
VISUAL
aHash
|
00000000ffffffff |
|
VISUAL
dHash
|
bfe7d6d73b1b2c2f |
|
VISUAL
wHash
|
00000000ffffffff |
|
VISUAL
colorHash
|
03000e00008 |
|
VISUAL
cropResistant
|
f7c6d6d73b1b2c2b,dcf7f7c3d6d6d6d7,1536372b0f1c1d8e,7fffffffffffffff |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 14 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)