Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14CF30BF8132059FDADC2F6E6AB1335267423C4FBE60A4998C2780E5C1CC5A5DCCD6AD2 |
|
CONTENT
ssdeep
|
1536:/rFpFLDRGm3jff8mOG0lm9Sqh19IrZ1IrtrXUt/H8C37pqKinMUO1SqKiVMUK1Ql:/wpZOrtrXUt/H8C37P |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c4c42939163fb7c6 |
|
VISUAL
aHash
|
0070f6f6f6c10160 |
|
VISUAL
dHash
|
9ab6e4accc5642d4 |
|
VISUAL
wHash
|
0070f6f6f6c3e360 |
|
VISUAL
colorHash
|
01006000000 |
|
VISUAL
cropResistant
|
e7c6dacca4bcc4d1,69e9e5d5e193676e,0e61e2a2cb0b39d9,68261e1c180c0e0e,aab0d120e0f1b06a,6868ec44555bac8d,e007faa2157ec00f,9ab6e4accc5642d4,212fa9b519759b7b |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 165 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.