Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FE4284735845AD3B0643E1E4BFA672AA63D4C74AC81B1B64A7ED43EE4EC1DA0DC43523 |
|
CONTENT
ssdeep
|
192:e+fU//VsqAqVZ+ZR+o4NwnCTLkf7AW2YoGZlbhucB3vgFp:e+fU//VsqhVZ+aRueS8WoGh93vgFp |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c538c3633ae638c7 |
|
VISUAL
aHash
|
003c18103c007e7c |
|
VISUAL
dHash
|
f0f0f0b0d0c8c4d4 |
|
VISUAL
wHash
|
3c7e3c107c007e7e |
|
VISUAL
colorHash
|
30c00040000 |
|
VISUAL
cropResistant
|
c2f2d4d4564654d4,f0f0f0b0d0c8c4d4 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.