Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F602C8DB914C237A4E47041C715F22EDE74B287DE669DEB821B9C03B13E4F21A2362C9 |
|
CONTENT
ssdeep
|
192:3PyeJIc7tR9RaYlPc3DWWzFAqn1DUnaGVN+bSkzc6kVq55KOU:fyeJF7tR9RLlPc3DFAnaGj+bSkzjXoR |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
964fed70e052c936 |
|
VISUAL
aHash
|
381c3e66064e06ff |
|
VISUAL
dHash
|
40686c8c8c8c4c6c |
|
VISUAL
wHash
|
3c3c0e66066e06ff |
|
VISUAL
colorHash
|
0e60a000000 |
|
VISUAL
cropResistant
|
10ea2ac8f438dc26,8496928082c0e8fc,606c6c8c8c8c4c4c,2000202244484849,d8d27ddcb434989b,d1cbc5a183860488,898089b8b889a8f3,40606ccc8c8ccc6c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)