Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F3C2F7338708123A874787C5F8B5238831A6C68FD79158E4BBBD0198DBC8DE1DD6D69C |
|
CONTENT
ssdeep
|
384:Mjn5MMgK7zysQaydVfwTqgzCBOdK+oXLjjHCoUau7a7:Mjn5iUzy3e/tdKv7n/UN7a7 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a75858796d1e3d60 |
|
VISUAL
aHash
|
00ffe7e3e3e3ffff |
|
VISUAL
dHash
|
30314e4e464e6e6c |
|
VISUAL
wHash
|
001fc3a38383e7bf |
|
VISUAL
colorHash
|
06000000180 |
|
VISUAL
cropResistant
|
31464e46464e6e6c,1032303030528888,a55954adab725efc,6ba99c54754d98c0 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 207148 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.