Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19972C92703445E3DAA23C2A8FBA4F2268399F196D37A861DE1ED137613D3D52C5336D8 |
|
CONTENT
ssdeep
|
192:w9e2FWYfH3YpwjYNom9KXPtbQFmGYMwqqYMoIqYMSE/hIFhIyhIvhIDSC:wU8WYfH3Y2jYl4R+YJDY5YJPEDeDb |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
f9d26c0c935c6d92 |
|
VISUAL
aHash
|
ffffe7ffffc3c3c3 |
|
VISUAL
dHash
|
698e0c481e969696 |
|
VISUAL
wHash
|
a5c7e2e7ef818181 |
|
VISUAL
colorHash
|
0e008000c00 |
|
VISUAL
cropResistant
|
698e0c481e969696,fffe3efc999dcecf,0659d9dad8595830 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.