Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F023B9F0414050AA03CBFF9474D6BE4A94A2C0EED25F2C4552B52BF85BD0BF68DC26A7 |
|
CONTENT
ssdeep
|
384:oG4xCtz1uBvip7u3QXEwG7PX+Q7NJcwnl7wPMKJKd2q:zZyidEwGFN1l9KJKd2q |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a2a7a778f808f92a |
|
VISUAL
aHash
|
672727070040017f |
|
VISUAL
dHash
|
cfcccfac8cd2e3f7 |
|
VISUAL
wHash
|
ff272707006013ff |
|
VISUAL
colorHash
|
06481000000 |
|
VISUAL
cropResistant
|
cecdcdcccfcfaeac,a46a4a4a6a6a4a46,26a5b6cac8a47476,e2e3b3b3afe75757,cfcccfec8cd4e3f3 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.