Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1599397F053C0593F44A7C3EA75BA7F1AB6E1B01ED5803525D7F8A68A4ADCE35E102E42 |
|
CONTENT
ssdeep
|
1536:uRNxhrLJg0sPJ2qg5KtqJfsPJ2qg2KtqbTV6dbbbcG:udoOEFG |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c20f9fb024cf2f38 |
|
VISUAL
aHash
|
3c3c3c3c3c3c3c3c |
|
VISUAL
dHash
|
686860e0e8e9f8f0 |
|
VISUAL
wHash
|
3c3c3c3c3c3c3c3c |
|
VISUAL
colorHash
|
13403000000 |
|
VISUAL
cropResistant
|
e3ababb6e88484c8,94e6e6c6d6f6f6c6,24acd5e8e4286a19,9a8998da29313b8b,686860e0e8e9f8f0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 17 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.