Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E6F15351A140A97F04278ED5B26EDB0F33BBD296FDDA210193EA43AC16F6C51EC0B458 |
|
CONTENT
ssdeep
|
192:Nlow0z8HIYc5ec9pdNzYwuZ9egmlFE2a16:NZDHhc5ec9HhuZogmlLaM |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9bc737271a90c6d8 |
|
VISUAL
aHash
|
2e32fe1c1d274f0f |
|
VISUAL
dHash
|
5c56a0b8314f9c1d |
|
VISUAL
wHash
|
aeb27c0c1d270f0f |
|
VISUAL
colorHash
|
01380001000 |
|
VISUAL
cropResistant
|
031b1b4939c4f0b0,b8acc0f2e19f3a7a,0d09c746d272369c,e1059ec0b203e1b1,69cca8f871b2d469,9e9e2c189bc30505,662d98de1c63cf8f,93995b316d6d2c6c,47b611533614d13d,44171b75535b2baa,4d860f0f69293231,3749c8e8f0f0691f |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 20 techniques to evade detection by security scanners and make reverse engineering more difficult.