Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17C2278F30590601E111B9ACB9E262B6E32BB20BFD5B30541A7FD8785DBAFC91FD06446 |
|
CONTENT
ssdeep
|
192:GliNqi140IfAAqRZ627C2FJGimDU40IaAAqRZ6oS5ZgZ7aoFEeUc:V60IyRZ627C2j/mD0IzRZ6oD7aoFE9c |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
92926d6db292cd65 |
|
VISUAL
aHash
|
7e2c2c6c04180000 |
|
VISUAL
dHash
|
f4c9c9cdcd32f072 |
|
VISUAL
wHash
|
ff7e7c7c0c181818 |
|
VISUAL
colorHash
|
31c00000000 |
|
VISUAL
cropResistant
|
b6a242c6c6d6f3fa,f4c9c9cdcd32f072 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 6 techniques to evade detection by security scanners and make reverse engineering more difficult.