Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1BC54846C300215AF51B3C6D0B4A1BF57A0E1F30BDE6EE605A5ED22151FCBD32AAE1674 |
|
CONTENT
ssdeep
|
1536:Q6uIKHf0H1kzRKislm2IopkoDXfDZbaRHQXz1nGxKSA9VSSyav1t4tBeR1Vp/7Fe:yIKHf0H1kzRKislmdikoPhhUZL8Rn7U |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
ceef313886248fc6 |
|
VISUAL
aHash
|
010038393c3c0000 |
|
VISUAL
dHash
|
0f616161616161d9 |
|
VISUAL
wHash
|
85f83d3d3c3c3c0c |
|
VISUAL
colorHash
|
30018000400 |
|
VISUAL
cropResistant
|
0f616161616161d9 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 64 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.