Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AB3187B1508C533B4282A2A2F6C63266B7D74495BA062B0464F891868F9AB09CAB59D7 |
|
CONTENT
ssdeep
|
48:nevNmhwc/dx2ez3PCYrVKk3nOGYXi1LTTAPc8PZ:nfwydjz3PCcKMODiHA1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e6d2d8d8f270c8d8 |
|
VISUAL
aHash
|
ffa7e7a5e7c3c3f7 |
|
VISUAL
dHash
|
802a0c0c48b2a24d |
|
VISUAL
wHash
|
ff0307072509c3f7 |
|
VISUAL
colorHash
|
07038000000 |
|
VISUAL
cropResistant
|
802a0c0c48b2a24d |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 84950 techniques to evade detection by security scanners and make reverse engineering more difficult.