Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T166F35221621D842D16B31FD0EAA5BF3134B7F378E443F42DDFAD20960BCA9917B24999 |
|
CONTENT
ssdeep
|
1536:6HzcyUKJqmNdBShopEs/dcnNdBShopEs/dc564kdR1sf7:Sze+qk64kT1sD |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
def765dd8a272004 |
|
VISUAL
aHash
|
d280003c3c180001 |
|
VISUAL
dHash
|
362982697132b489 |
|
VISUAL
wHash
|
fffc00bd3d3f0001 |
|
VISUAL
colorHash
|
38200030000 |
|
VISUAL
cropResistant
|
5555565353d25d49,5b9ba40c0cbc1a1a,362982697132b489 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 128 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.