Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14792313112811A7B859746F9F6F4F33991A9C29CC637CD9AF3EC01B32BC6D65C922294 |
|
CONTENT
ssdeep
|
384:RF2Bsz1nQ6tmPEEuih355cOYVYUYUYoUld2D6guwgfK7Cq8XZrQ:RF2Bsz1nQ+mPEEuih355cOYVYUYUYFlK |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc7331dcc3c964d8 |
|
VISUAL
aHash
|
0000103c3c181800 |
|
VISUAL
dHash
|
9448166169b23204 |
|
VISUAL
wHash
|
ff40387c3c3c3c24 |
|
VISUAL
colorHash
|
30038000000 |
|
VISUAL
cropResistant
|
2cc44357949595b7,9448166169b23204 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 10 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.