Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1443276B21144201F621B9FCBAF15676E32EB20BFD5B30501A7ED8BC4EBB9C91ED06944 |
|
CONTENT
ssdeep
|
192:GsY5JgYc40qAAqRZ6wyK9XYhl3go40oAAqRZ6JMYmlcISs+c:YgM0jRZ6HwEla0hRZ6clcISs+c |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9292cd6d6d929e86 |
|
VISUAL
aHash
|
7e6c2c6c00180018 |
|
VISUAL
dHash
|
f4c9e9cdc220b270 |
|
VISUAL
wHash
|
ff7e7c6c003c1838 |
|
VISUAL
colorHash
|
31000600030 |
|
VISUAL
cropResistant
|
80c0e7292c642c3c,f4c9e9cdc220b270 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.