Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13122D7775200DD5B1A6283D0FF82712DD7D0E686E8221AA666F9C3EE0ED1ED0EC93113 |
|
CONTENT
ssdeep
|
96:tY0jJnNni7TNK/jVj9Mqh/nsGx136DYjlJzhku3hGhXh9QlyIqaULNmH2ul+X6bN:FjnmU/jVj9/sJUjlJC3QpqaULNmWjX4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ccc333398f8f3930 |
|
VISUAL
aHash
|
000078bc78180000 |
|
VISUAL
dHash
|
0180e061b0b04c14 |
|
VISUAL
wHash
|
80f8fcfcfe7e0200 |
|
VISUAL
colorHash
|
380010001c0 |
|
VISUAL
cropResistant
|
0180e061b0b04c14 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.