Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T11F044C712608303F537326D66077AF4F32ABA10FD94E4940A7B8EBA917F5C64A01FB59 |
|
CONTENT
ssdeep
|
1536:vBZ9tRHRwykGVySPr8GIKdPnKMft7fc9hjD1Uz/HiVHEgqsVn/o5me6mv3cQ95L/:V3Fr8GReCQNiO84IMb1vYLngrO9lrKW |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a71e49d326796629 |
|
VISUAL
aHash
|
003c030327f7ebe3 |
|
VISUAL
dHash
|
61792f2f4f8f9b47 |
|
VISUAL
wHash
|
003c030367f7ebf3 |
|
VISUAL
colorHash
|
070000001c0 |
|
VISUAL
cropResistant
|
8300b4a4989800a3,2f2f2f4fcf9b0b47,07796f2f2f6fcfcf,ccf1f392343c094f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 435 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.