Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T172A3955A9A09A47F02A3C2C6ABDBEF377389E346D94B812D02F9834957CDF51E53244C |
|
CONTENT
ssdeep
|
768:xJVmDS9TKSRjy97nqR2D34bfk11bY5D6fgi4JMsdgW+Gimp+T9uE2Rw1VOyxxw8D:xJVmOKEy9r4b8nbYZJdTS4EWN/6LR7 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
89dc265699762673 |
|
VISUAL
aHash
|
1818181818181003 |
|
VISUAL
dHash
|
b2f2f2b2b2b0f3db |
|
VISUAL
wHash
|
587878383c3c793b |
|
VISUAL
colorHash
|
300030000c0 |
|
VISUAL
cropResistant
|
4a797966236a5910,b2f2f2b2b2b0f3db |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.