Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1E854856C300215AF51B3C6D0B4A1BF57A0E1F30BDE6EE605A5ED22151FCBD32AAE1674 |
|
CONTENT
ssdeep
|
1536:Q6xBKHf0H1kzRKislm2IopkoDXfDZbaRHQXz1nGxKSA9VSSyav1t4tBKR1Vp/7FP:1BKHf0H1kzRKislmdikoPNhUZL8Rn7B |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cccc3233933399d9 |
|
VISUAL
aHash
|
0018383838180000 |
|
VISUAL
dHash
|
0fb5737370724451 |
|
VISUAL
wHash
|
85f83d3d3c3c3c0c |
|
VISUAL
colorHash
|
30200038000 |
|
VISUAL
cropResistant
|
e0e1b0d6d47070c8,0fb5737370724451 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 64 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.