Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FA23407390106A3F950393D4BB31AB5EE3EEA15BEB051641C3F482ADB7C7D91CC92195 |
|
CONTENT
ssdeep
|
384:7Idk5+nol6JjwIZBYF3dQ6JjwIZBM5N5/525Kk1p7TMByG//gAq8osfuw7mwEGHL:f6u6RwyKG6Rwyq5N5/525KFB/q2yW31 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e8c1171d3ca6c7d4 |
|
VISUAL
aHash
|
3b79fbe1c1110101 |
|
VISUAL
dHash
|
f2d3cb83b3f3a3f3 |
|
VISUAL
wHash
|
7ff9ffe1c1110101 |
|
VISUAL
colorHash
|
300000001c0 |
|
VISUAL
cropResistant
|
f2d3cb83b3f3a3f3 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 531 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.