Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10E933CB43519F6271AB783A320DA15077279131B980E4C30B254ED9E76FCC8AB46BFD5 |
|
CONTENT
ssdeep
|
1536:31hP8jBBxAqoZogVflUuRNka2wblHbJLwLIz9GguGOjjRnK:3GARrX2wd9W/guGO4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
92c46d6d92923d6d |
|
VISUAL
aHash
|
70722e2e04000804 |
|
VISUAL
dHash
|
c6c2cccccc30f0cc |
|
VISUAL
wHash
|
7efe7e6e1400183c |
|
VISUAL
colorHash
|
380c0000600 |
|
VISUAL
cropResistant
|
8200808080000082,800080c0c0800000,c6c2cccccc30f0cc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1057 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.