Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T157B2C612A081FC3F46F793CFB0D2177B62E29306D80356456AF6875C1BFAEB19D62609 |
|
CONTENT
ssdeep
|
384:3whNsGHg5AhhFRSFDG7ZyV67TRU9lY16QKcw+RJ6VtoQe:380MXUFDyYY9Qe |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c7a43c32333cc6c7 |
|
VISUAL
aHash
|
27397b33687e0038 |
|
VISUAL
dHash
|
dcd3e3e7c8c4e2c0 |
|
VISUAL
wHash
|
2f017b337f7e0038 |
|
VISUAL
colorHash
|
38006208000 |
|
VISUAL
cropResistant
|
dcd3e3e7c8c4e2c0 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.