Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1023273732445ED3A0263D7D4BF5AB01D96D4D64BC96B0A906AFC87DE0EC2DE0DC93262 |
|
CONTENT
ssdeep
|
192:zYEUN6QNBPSbYtKoYHBtTRGiUl0rGFD3d/u:zYEUN6kPpGTkiUCrGFZm |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ce39866339c639c6 |
|
VISUAL
aHash
|
003c181000007e3c |
|
VISUAL
dHash
|
84f8f0b46954e4f1 |
|
VISUAL
wHash
|
447e7e183c187e3c |
|
VISUAL
colorHash
|
38e00001000 |
|
VISUAL
cropResistant
|
f0f1f0f0f0f0e078,c0c0c0c0c0e0e0c0,fafafae2e8cc0e0a,84f8f0b46954e4f1 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.