Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T14AA38471D224657F691B1BFCD576E3EAB2871258D722E74A63E831B073C4DB08960F88 |
|
CONTENT
ssdeep
|
1536:b7rsee9MDWkM+O09i+We+zYHZQn8PO6Gi+We+zYHZQn8PO6Vgb:bsix |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8dab23a9a923ad8d |
|
VISUAL
aHash
|
83001818181800bf |
|
VISUAL
dHash
|
0b903332b2324c30 |
|
VISUAL
wHash
|
c3183c3c3c3c18ff |
|
VISUAL
colorHash
|
30080006000 |
|
VISUAL
cropResistant
|
02740b1716020800,0b903332b2324c30 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 396 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.