Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T15D22FFF06265A97B92A3C2E553B59B3B31E4C348C6470B844AFC83EC8BD9C85FC2654D |
|
CONTENT
ssdeep
|
96:TmvgHIwKSiw9CSl1smSl1WSl1A6Sl1lAETSl1kjpel1pprP8Qs8ejP+q+Vi:mgH63g3kj7Y/9AxRnrPi86t |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c26d30e1633f389e |
|
VISUAL
aHash
|
603038303c7c3c3c |
|
VISUAL
dHash
|
d4e0606ae0d4e8f9 |
|
VISUAL
wHash
|
60303c3c7c7e7c3c |
|
VISUAL
colorHash
|
38000c00000 |
|
VISUAL
cropResistant
|
d4e0606ae0d4e8f9 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.