Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14212A633A140AD3A1253C3F5AF92B15A93E0C156DC261A757BFC87EE2EC1DE4E853522 |
|
CONTENT
ssdeep
|
96:theyJnNOioTNKnJ+MqhoHy5ScqmhfTw5LMDJikA9FPqBr9HOTpkASnOeTJz5cqO:clUUoS5bMMQkA9FPqXASOeTd5k |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
bc9039c3926fc639 |
|
VISUAL
aHash
|
ff8f9fbffff38183 |
|
VISUAL
dHash
|
3b38302f3827033f |
|
VISUAL
wHash
|
bb8f8f9f87818181 |
|
VISUAL
colorHash
|
07200018080 |
|
VISUAL
cropResistant
|
3b38302f3827033f,4131332bb3b3aa51,5632e8a868e2e128,9386e8b0bab2b0b2,59d8fde9eaf2f2ec |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.