Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C52474703901982AE04F49CF537B256EF2D0D7EDD66362C0A6F0D3249AF9C95FEA9640 |
|
CONTENT
ssdeep
|
6144:Um+Dm+brY2kUGYamo1nxMYjBZTat771AR:6O |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
93616d32466d5eb2 |
|
VISUAL
aHash
|
00072f3f3f0f0f30 |
|
VISUAL
dHash
|
ccede8caedfcde65 |
|
VISUAL
wHash
|
20072f7f3f0f0f30 |
|
VISUAL
colorHash
|
31002000180 |
|
VISUAL
cropResistant
|
e8f9696b696ae2e2,ccede8caedfcde65 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 263 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.