Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F8615223908A456FA20A83C092F1BB97A827C545CF705F84D9954FC7F5D4EBAB13226C |
|
CONTENT
ssdeep
|
96:TJjbc7iRw2/ll0IX/K/8sEX46n2ul3r6b:FjbZRw2/ll0IPK/8sEI6n2ul3eb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc66339933cccc66 |
|
VISUAL
aHash
|
0000100000181800 |
|
VISUAL
dHash
|
000030300cb2320c |
|
VISUAL
wHash
|
81819981b1b99981 |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
8ab0ccccccccb2aa,000030300cb2320c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)