Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1DF626421200039BDD5676995BB616B2C2273424AEED791846BF88B9117E7EFCCC3F8C4 |
|
CONTENT
ssdeep
|
384:gCcQ2QWZPB9UZjDu80EfkKa5buYxANCa0ANEV4:bCQWZPB9UZjDu85kXNu6ANCa0ANEV4 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e3889e63f00ef117 |
|
VISUAL
aHash
|
e0f8f9e1e0e020e0 |
|
VISUAL
dHash
|
c8c2d3d3c8c86348 |
|
VISUAL
wHash
|
f0f8fdf1e0e020e0 |
|
VISUAL
colorHash
|
031c0000000 |
|
VISUAL
cropResistant
|
c8c2d3d3c8c86348,1212250d0f3f2737 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 207149 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.