Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1644292776100AC271653C2E1FFA3629A92E5C389E8360A557AFD838D1FD2DE7D903127 |
|
CONTENT
ssdeep
|
192:NxUq7yRJ72kbl9gxnl6RIzJG7R7j3wpJtqabMNIdpauOp:NxUq7yb72kx9gxnl6RIzJG7R7DeJtFbe |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
edc9b292926ec361 |
|
VISUAL
aHash
|
ffd9d1b9ffff81fb |
|
VISUAL
dHash
|
383333231c2f2723 |
|
VISUAL
wHash
|
ff81d19187c781c3 |
|
VISUAL
colorHash
|
07401001040 |
|
VISUAL
cropResistant
|
383333231c2f2723,b870d6bab0c199d8,8eb62232b0707173 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.