Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DFA2F0709410DA3705D3B2F56638676AA2F19394CE632A0A7EF1871D5FE3E69CF02478 |
|
CONTENT
ssdeep
|
384:9PLr6T7KVZ1lCKQGLrU/qy/+e8yBL1DCOr0Am+kwGP4MCmFA1G4iDwAZn:Vvk2VZ1lCKQGLrU/qy/+e8yBL5COr0A8 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e504da6bd734a1c3 |
|
VISUAL
aHash
|
000022022000ffff |
|
VISUAL
dHash
|
8824c4c4cccb3408 |
|
VISUAL
wHash
|
fc0276066000ffff |
|
VISUAL
colorHash
|
010000001c0 |
|
VISUAL
cropResistant
|
2e2e65558585e4e6,f0e8f0f28e8e8eec,ffffffbeb6bfffff,0000000102021a4d,8024c4c4c4cccb14 |
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.