Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1C4535120A902BC3B52CB8AD56233577AB2A54384CA134685BAF493F95FDFC6DDB33105 |
|
CONTENT
ssdeep
|
768:wsIx/jGw9QjIHbe/0HGwY0opIx6yp0oC6tNUf7yq:wsIxAjIHlhY0opIy0tK7yq |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
9158ec25f0d395e6 |
|
VISUAL
aHash
|
ff183c2c000604ff |
|
VISUAL
dHash
|
b2f1f8c8ceda6a17 |
|
VISUAL
wHash
|
ff183c6c020e06ff |
|
VISUAL
colorHash
|
06c00010000 |
|
VISUAL
cropResistant
|
000002c2c22200fa,61e0f020b4b89c9c,f97c38d85a585cda,410018181e161694,b2f1d8f8ccceda6a,591c1e1705a78375 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 92 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.