Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T107F16321636C0B3E561783D4F596B33840AED38AD61E942CE6BC12A21686EC8DC737E4 |
|
CONTENT
ssdeep
|
192:s/Ex2oQFuxS/snxSHsnxS1snxSjysmp8EiE:IEAXAwIwAwawcp8XE |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b2a74c9918e6b738 |
|
VISUAL
aHash
|
ffffffffffff0000 |
|
VISUAL
dHash
|
2b0e0e0c1000cdd4 |
|
VISUAL
wHash
|
b9e7c3c7cfcf0000 |
|
VISUAL
colorHash
|
060000001c0 |
|
VISUAL
cropResistant
|
23080e0d0c121800,32c9cdb4334c3030 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 23 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.