Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16B5409BFA32852F9E106D7DCD952E038326E24FE3B628398E7594F36B5148DC8855D83 |
|
CONTENT
ssdeep
|
1536:l8Ucshc9BoUpQ5LToi0ZvqLDTKc9BoUpQ5RyiyOYjyty2Byaygq0OWIbZWbeYV99:pc9HQKc9HQtpq0yAUPQ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
966c69969669b496 |
|
VISUAL
aHash
|
166060147e7e2c3c |
|
VISUAL
dHash
|
e4c8d4d4e4c4d8dc |
|
VISUAL
wHash
|
167060347e7e3c7c |
|
VISUAL
colorHash
|
30007000200 |
|
VISUAL
cropResistant
|
727130d2c96b72f2,e4c8d4d4e4c4d8dc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 71 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.