Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A9F2537761C9AC3E0353C1D0E2567B3AE1C192A7EE331606DDEA97CA56DDD90C8211CE |
|
CONTENT
ssdeep
|
768:enlJlTOlu8ls1liTIIals1liwGGcZv7AZrsn/O3eTk+hdDilE0A16E74xo8VAEx4:blu8ls1liTIIals1liwGPZv7AZ4n/O36 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c4687b3733dbc184 |
|
VISUAL
aHash
|
80107e7e02363c30 |
|
VISUAL
dHash
|
0b35f0b0d6e46064 |
|
VISUAL
wHash
|
81107e7e623e3e3c |
|
VISUAL
colorHash
|
38000000c40 |
|
VISUAL
cropResistant
|
0b35f0b0d6e46064 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.