Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15412A4F385504D5A06239FE8BB93725882E4D949E8544C20B9DCC7FE0ED2EA0E4D79B6 |
|
CONTENT
ssdeep
|
192:oW8lXUVW8+W8ihdGQVFW8j0s3W8mW8auVY1oNFptJ:AXUTd7VnNM+12HJ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ec6992936ec69839 |
|
VISUAL
aHash
|
ffc38181f1ffffdf |
|
VISUAL
dHash
|
390337272339d933 |
|
VISUAL
wHash
|
fd818181c19fff81 |
|
VISUAL
colorHash
|
01e00000000 |
|
VISUAL
cropResistant
|
390337272339d933,5454545394aca797,6366666267439a9e,aeeaa7a4ef2a8b9c,9e1a5b5b5b0b0909 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.