Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17F93E9609244B8AF5043C3ECB731626733EB72A7CB13454986F04BB8AB5EC99DE675C4 |
|
CONTENT
ssdeep
|
768:8Ty+Ul4YOrP7TNx/qsHfdvdhv+Or/TTsAelY+OrX7xkxIqGHfdNVnr6OrATBZEnw:F+V7TNx/qsFdnkAh7xkxIqGnV+R |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d99999666666268e |
|
VISUAL
aHash
|
899c1c909c1c149c |
|
VISUAL
dHash
|
1b18392635383531 |
|
VISUAL
wHash
|
9d9c9c989c9c9c9c |
|
VISUAL
colorHash
|
300030000c0 |
|
VISUAL
cropResistant
|
f0cc96b20b0f8e8e,1b18392635383531 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 4 techniques to evade detection by security scanners and make reverse engineering more difficult.