Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T141A3FF61244956AEF7930AFCF0902E67A143FF2DC62170C5D3D993A512FAD72E21A38D |
|
CONTENT
ssdeep
|
1536:CghbYTtnCPuhEEwDE97oGW1vLPabcFh3r65:Cgh4nXFcW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
958e627a696a782b |
|
VISUAL
aHash
|
003f3f1f1f070000 |
|
VISUAL
dHash
|
6decfcfcf8bc9e80 |
|
VISUAL
wHash
|
007f3f3f3f0f0700 |
|
VISUAL
colorHash
|
17001008003 |
|
VISUAL
cropResistant
|
6decfcfcf8bc9e80 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 165 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.