Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T13D12D8B23211256D5147CFDAB220BB05E18BE1AFDF5A54D5E3F943AA26C7CE1C930704 |
|
CONTENT
ssdeep
|
192:ElTlENkk6rkKFTEvydAP+TzTj+TKqT+TTQ9BNvTuI7StUIrEDNF:6JKkk6rkKKvPP+TPj+T9+TURvT77St5u |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c63839c7c2386dc7 |
|
VISUAL
aHash
|
0000007474300000 |
|
VISUAL
dHash
|
001cc2edcd42b440 |
|
VISUAL
wHash
|
0000f8fc74300000 |
|
VISUAL
colorHash
|
38038000000 |
|
VISUAL
cropResistant
|
70e49262419ae6f8,824532b68e9a55aa,001cc2edcd42b440 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 3 techniques to evade detection by security scanners and make reverse engineering more difficult.