Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1A1A319743599F56616B343A210AF1103B37D1A2F940E5C20B394F8AB76E8C9EA077FD9 |
|
CONTENT
ssdeep
|
1536:zwESa91tf1FALidhbPwPcOno9jR4BXu/q6h2iq:zwEjFA8ZwAR4BBWq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9c95363594b5969c |
|
VISUAL
aHash
|
06003c3818000054 |
|
VISUAL
dHash
|
c63170f0b2c4d0cc |
|
VISUAL
wHash
|
76003c3c3c3c7c7e |
|
VISUAL
colorHash
|
38000000e00 |
|
VISUAL
cropResistant
|
a400a56969800080,c63170f0b2c4d0cc |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 388 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.