Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1EBC2FA3021092A7B233B47D5F1516BAEA1AB430DD997D98473FC51E2ABCCCE4E9623D4 |
|
CONTENT
ssdeep
|
384:CrPmigv4bj5S+ed5uQ6lt/L8LPtNfDtgkoeoNoxoImgS/vXH:wOixbjAZdytitNfDBoeoNoxoAGXH |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
94e44b6a3eb13479 |
|
VISUAL
aHash
|
0172060606060c0c |
|
VISUAL
dHash
|
4fc4c4ccc4ccd8d8 |
|
VISUAL
wHash
|
07766676062f0f0f |
|
VISUAL
colorHash
|
31211000400 |
|
VISUAL
cropResistant
|
78fcfae65e1cb8f0,e6dc188c80808080,4fc4c4ccc4ccd8d8 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 81 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.