Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17D5409ACB16462B7A437C7E8E5227E20309772FFFB498244C2E807745FD6C6A78594B4 |
|
CONTENT
ssdeep
|
1536:sA/LBzTASMyMaMyMUMyMUMiQm5PL4kxomwfRsCNysSBjPsuNb5h2CcejqpsqRz22:sA5T+7z7x7xatm0dNx3CZ7z7x7x/hd |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8536c22bc93b8d2f |
|
VISUAL
aHash
|
0c460e424301007e |
|
VISUAL
dHash
|
5bacac8aa64bc1d4 |
|
VISUAL
wHash
|
0d767ec64301397e |
|
VISUAL
colorHash
|
30006000040 |
|
VISUAL
cropResistant
|
3098cce4f2fafcf8,220709384755a66b,5bacac8aa64bc1d4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1289 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.