Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T109F392718281663340A786D6DA3CAB1B7BD2950FD6430B86A6F9F76DAFC8C54FC1014B |
|
CONTENT
ssdeep
|
3072:T6eIYmj0ahSeJ2B3vFqmrk5AGFUgsfLOBHbE8TdfX1yNrpLvTH4xBmLffphvAENH:TGmLsculLkN |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c790cf39393998c6 |
|
VISUAL
aHash
|
7f7c7e000000303c |
|
VISUAL
dHash
|
d0ccc4d048c86869 |
|
VISUAL
wHash
|
ff7e7e282420343c |
|
VISUAL
colorHash
|
30200030000 |
|
VISUAL
cropResistant
|
d0db6260a86e56e7,2cbcac6cc9ec6c4e,e29839355b5b1aa2,d0ccc4d048c86869 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 71 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.