Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T123E26BB142005DBE9EF6F4C088D77A0A21F1B4E7F56F18D83578940A5BC2FB2A4D92B5 |
|
CONTENT
ssdeep
|
768:Bab1bzTSsRzOsAuXCAAK7mg/pXCTOqLWANzOFEGTCHdz0GTZAtJknAtJkBf0GTpV:BsTSROqLdHdjY3HXhlNgR86p |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c47e1ec11be3689c |
|
VISUAL
aHash
|
00a280007e7e7e1e |
|
VISUAL
dHash
|
5564af93d6d4c4f4 |
|
VISUAL
wHash
|
0086c1017e7eff3e |
|
VISUAL
colorHash
|
31400018000 |
|
VISUAL
cropResistant
|
451e1e1e1e4e7cd8,e4c6b0a85159d2c6,da2b8f1f3faeaae9,6d96978686cc8c90,0032ce7535147a33,5564af93d6d4c4f4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2128 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.