Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1290342305550AE774183A3D4FB715F7F63D18290CA130B06A7F88B1E9FDAE92CE291A5 |
| CONTENT ssdeep | 768:Tc8sNu+8lW7ySZfF6LKj2A+66sbrBl4QHfNCzVKs3u:48sNr8lW7ySZfNj7+66sbrBl4QH8x3u |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | c3076ce83c3ce1d3 |
| VISUAL aHash | 00202e3e7e7c6000 |
| VISUAL dHash | b449c8ccc8c0c080 |
| VISUAL wHash | 00206e7e7e7cf8f0 |
| VISUAL colorHash | 30030000400 |
| VISUAL cropResistant | c1f0f8bcbcb4bc3e,fe9a609696866282,b449c8ccc8c0c080 |
The victim enters a username and password into a fake login form. Credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 1476 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.