Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11362A731D9087A3E92374AC0A975639B635FB378F54F006496BE03F2CBC6D95C867644 |
|
CONTENT
ssdeep
|
192:6HjKz0QQjZ/vyU0TMQjZ/vkDdpVuJmElKVvAOcTrHpYjSEeQ0pNURPE+2:UKz0Tv0LaJbZvVvAOmbujlfRPEP |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
eccc33338ccccc99 |
|
VISUAL
aHash
|
e0e0f1d1d9d18383 |
|
VISUAL
dHash
|
0307272737250f0f |
|
VISUAL
wHash
|
e0e1f1d1d9d1c383 |
|
VISUAL
colorHash
|
380020000c0 |
|
VISUAL
cropResistant
|
0307272737250f0f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13602 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.