Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19A62CB35FA802833E12FEBC2F551561A61A2F32AD60708E072ED42B44FE7DE9F49E455 |
|
CONTENT
ssdeep
|
192:aO/4MRdGfpFA3FOq+ZTVPX+K4aHYzpzvV+xNixVcq:PrwfpFKFvSTVBUNTV+xNixV |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d5ad3a3a82c46d39 |
|
VISUAL
aHash
|
0183c37e7e80c000 |
|
VISUAL
dHash
|
170f16c4cc960c0c |
|
VISUAL
wHash
|
81c3d3fefee2e000 |
|
VISUAL
colorHash
|
380002000c8 |
|
VISUAL
cropResistant
|
cead192b6b29adce,c5263624cd0d2c2e,2b044c2b2b68692c,3332b2aaaa8ecccc,72b292d49653519a,170f16c4cc960c0c |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.