Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13664C6A3412C497E17974BC1E624271A7DC5B04ECD5616D3E2BEC3E823FACD27912A93 |
|
CONTENT
ssdeep
|
6144:h20upZAupZ55mvZrc527Cwzrzki8CbUcJvcugFvTLj8UFJ40SSOuE/1ZdfM+ji0J:65Ack7Cwzrzki8CbUcJvcugFvTLj8UFC |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9643bd6116965d69 |
|
VISUAL
aHash
|
0000000400ffffdf |
|
VISUAL
dHash
|
d4c3ccecccc33437 |
|
VISUAL
wHash
|
0200047e00ffffff |
|
VISUAL
colorHash
|
07001000180 |
|
VISUAL
cropResistant
|
528a9b9b9a9a1272,0004706961750400,0200070733373737,d420c2c4ecec49c2,08d3dbc757a7af8f |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 933 techniques to evade detection by security scanners and make reverse engineering more difficult.