Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17733832513441A3E561786E8F6F5B339A26ED358E63B992DF2BD01B327C2C45C9332E4 |
|
CONTENT
ssdeep
|
768:2rCUaRIFCXnKEmctW8h61P1qEiB98hHLcw65WgqW+z7PkYBfAMzTkDT2ioARxaKd:9BBRYBlHAJ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ea41bf2ac46ac13e |
|
VISUAL
aHash
|
ff0000000000c1ff |
|
VISUAL
dHash
|
41d4d1e1a5c53333 |
|
VISUAL
wHash
|
ff00007070e1dbff |
|
VISUAL
colorHash
|
02006000000 |
|
VISUAL
cropResistant
|
26016145156101dc,333333332382ea51,02428ec2d2c20a82,d4d0c1e1a5658933 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 27 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.