Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1B492954038E7761C4AB9130FC262172ED7EF53E6E330989D4FAACB272A5414AC1F7659 |
|
CONTENT
ssdeep
|
384:Zk2yvLa1woA+ecLn4ur5MSzrtwpSQbFgRCU0yuE1:ZZMOXlew/rw+1 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cf663199926c369a |
|
VISUAL
aHash
|
003c383c3c18183c |
|
VISUAL
dHash
|
1069616169707061 |
|
VISUAL
wHash
|
18fc3c3c3c3c3c3c |
|
VISUAL
colorHash
|
33000038000 |
|
VISUAL
cropResistant
|
001088cdcd308800,20c02d2b33dc0180,1069616169707061 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.