Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T19DD20E30A444EC3B22A392E6A6301B0FA6959600DFD31BE2D7F5436E1FE5D41EF67A14 |
| CONTENT ssdeep | 768:yk3vr8yvglk3SvQkUg4g65c2kxslEOGEiB3wQ4g65c2kxslEOGEiBL4t4GmFSsGN:yk3vr8yvglk3SvQkUg4g65c2kxslEOGo |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | da7166c66c70939a |
| VISUAL aHash | 803c3c183c3c3c18 |
| VISUAL dHash | 0769793271717171 |
| VISUAL wHash | f1fc3c383c3c3c18 |
| VISUAL colorHash | 30006400000 |
| VISUAL cropResistant | 0769793271717171 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 2050 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer scans for high-value tokens (USDT, USDC, SOL, memecoins) and prioritizes draining based on USD value. Low-value tokens are ignored to optimize transaction costs.