Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16A82C7222452742E876323CBE7B38B7EDEDB8306D532680586BDCB5D97D9D91C8A310D |
|
CONTENT
ssdeep
|
384:rr4tmTww/MgkNgjK8Fz/tyMsykLOe18Zk/5YC/UGrG4s17cn:/kw/MgkNgjKw/MMsykLt18Zk/5PUs+Y |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cec9b3613c3193cc |
|
VISUAL
aHash
|
083c3c18183c3c3c |
|
VISUAL
dHash
|
d06070b0b0e8e061 |
|
VISUAL
wHash
|
7c3c3c3c1c3c3c3c |
|
VISUAL
colorHash
|
38007400000 |
|
VISUAL
cropResistant
|
d06070b0b0e8e061 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.