Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11A62623482908C5746A3C680EF74AE2A62C69345DF42AD8584F8C75FFDCADD4D4E30EA |
|
CONTENT
ssdeep
|
384:vWX6gzaMfcrQWi6ko0QN/1AeTrtkqFoFfS:uX6Ocpi6ko0QN/1AeTZfOpS |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e94316364516b6ed |
|
VISUAL
aHash
|
00e1fbfbf3c3c3c3 |
|
VISUAL
dHash
|
cc430333232f3f3f |
|
VISUAL
wHash
|
0060fbfbf1c383c3 |
|
VISUAL
colorHash
|
06007000040 |
|
VISUAL
cropResistant
|
03033333233f3f3f,928c889282848cb2,ccc303031333032b,b6b6aeb6b6b6aebe |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 54 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.