Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T19A9232716041F93742E7D3D9932AA36FB1E38296DD236A0263F9834D4FEBD81CD6111A |
|
CONTENT
ssdeep
|
192:/QBTtbwBsyH/wLt6rhNpU1MhIJ71zwVqBYk1OGTPKcm1UmiHmlACuj3MXzsBWm75:/gN5QCgYp6ZQKcariHmlkCsV7ppJQE |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c6679238b816ed36 |
|
VISUAL
aHash
|
0670303000201cff |
|
VISUAL
dHash
|
c4c2e4c4d0c47c78 |
|
VISUAL
wHash
|
7e78703c00303eff |
|
VISUAL
colorHash
|
30000001058 |
|
VISUAL
cropResistant
|
c4c2e4c4d0c47c78 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.