Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12993C7B0D62020B642279BC9F2318FCF71D6571FCE13C461E3FD9B99A7DAD90891189A |
|
CONTENT
ssdeep
|
768:963aosArcLEH5oi+1+xFNBdyMMRclYQwYQSuuuLuuuLuuuTSnRoNpDC:pAILydWPQbQqnRoD+ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b5e84a15b469f943 |
|
VISUAL
aHash
|
0010e9c7e7cf0000 |
|
VISUAL
dHash
|
26a78b8e8eae5124 |
|
VISUAL
wHash
|
8013f9efefff0000 |
|
VISUAL
colorHash
|
312020000c0 |
|
VISUAL
cropResistant
|
5e36e4a49590bcbc,5e5e53551152c8b9,f0f3e3bcb41c0903,26a78b8e8eae5124 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 6135 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.