Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12BE229B4A230E335B2C247E8DA6425287A5FE1DDD7C695B0E388AF51B0D6CE8D9150CF |
|
CONTENT
ssdeep
|
384:Y7fUtegu1y2YRhiXkdvNTDhPhLxeAxeDWNW1Tp34PxeeJEmuW3AsquRWGMd:Y7fUtegu18hhPhleMeDGCSPxeeWmH1W |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
c34638f14e1f4b4e |
|
VISUAL
aHash
|
a0663030f06e0f40 |
|
VISUAL
dHash
|
449cea6bcbc89c91 |
|
VISUAL
wHash
|
e0467ef0f86e4f40 |
|
VISUAL
colorHash
|
30601000000 |
|
VISUAL
cropResistant
|
b466627860c1c9c1,dc9b07b88938a422,80100c4c4c081000,449cea6bcbc89c91 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 69 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
Pages with identical visual appearance (based on perceptual hash)