Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BF522BB9F22815A59E4383D6FE2112E9F013507A9A725F9CD3558348F2DDCFE88209C5 |
|
CONTENT
ssdeep
|
192:QoFKoBYJ5J9nDQWk2mku9cuGRmKbMpBXp7sfgg8gk:QJogLXsmMpBZ7eg/B |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e6aa51aad58b55a2 |
|
VISUAL
aHash
|
fdf3f3f7f7c3c3e6 |
|
VISUAL
dHash
|
3926262e2c0f0f0e |
|
VISUAL
wHash
|
bdd3d3d7d30000e6 |
|
VISUAL
colorHash
|
07007000080 |
|
VISUAL
cropResistant
|
3926262e2c0f0f0e |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 490 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.