Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10F23A372032008F9792B93D5D89E6B53E6849D86EB8511D1F6BEC21C29DCDB0DC7326B |
|
CONTENT
ssdeep
|
768:Q7YgPZobqemlUcuXw/t17vfG6cxnk4s0wDOQcxspIdb169oTsK07EB++l33hrPJm:Q7YgPZobqemlUcuXw/t1726cxnk10wDP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cab4ec13c6dd8386 |
|
VISUAL
aHash
|
ff813e3c3c08fbf1 |
|
VISUAL
dHash
|
2f2fe8e8e9d9d323 |
|
VISUAL
wHash
|
ff003c3c3c087bf1 |
|
VISUAL
colorHash
|
0e201010040 |
|
VISUAL
cropResistant
|
2f2fe8e8e9d9d323,9196959494f97366,d9c9494b4242061c,556d90e8c8134945,0303030306262c6c,3968a9a9e898d8d1 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 933 techniques to evade detection by security scanners and make reverse engineering more difficult.
Pages with identical visual appearance (based on perceptual hash)