Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C2711032815C1D7E320B87C4AA3A335E71AB9749FB5A211439ED03A08AD6DADDC770A4 |
|
CONTENT
ssdeep
|
48:TU9q4mSuda5dKNprelkboSRKlpPPlZxgz2i93SggxjWGF706vBbW3UpAe8rSA4ii:TU/OYsNelkb3RKlp1ugMGFlBbpuU1ubO |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d9f336888d89b296 |
|
VISUAL
aHash
|
ff00181838180000 |
|
VISUAL
dHash
|
168630b2b2b33336 |
|
VISUAL
wHash
|
ffc0f8f8f8d89800 |
|
VISUAL
colorHash
|
31200019040 |
|
VISUAL
cropResistant
|
ccdc30ca4c04218e,168630b2b2b33336 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.