Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T155C293B37140B23302A792D9AAB967AEB3D08351CB670A0513FD839ECBC7D55DD23586 |
|
CONTENT
ssdeep
|
384:gel9IInFb6z6KunbIFxkefTZjVh1+KaPARDpC/nT+IYz5G68UZNLbWqkbcyWR:g89IIn1ls97NzDC/nT+DzIM1/ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a4cb88659b69cf31 |
|
VISUAL
aHash
|
18ffffffc3c3c3ff |
|
VISUAL
dHash
|
238e0e4996969616 |
|
VISUAL
wHash
|
00c7e3e7c3c3c3c3 |
|
VISUAL
colorHash
|
06000000046 |
|
VISUAL
cropResistant
|
238e0e4996969616,0000000001010000,0000000000000000,3bb392d8d2f2b3b6 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.