Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1628417B2715861BE222387DDE73BE312F2B1E616C98181C1F9F993685AC5D57CE2360C |
|
CONTENT
ssdeep
|
6144:61EkJofeC0rSoykxv1EkJofHC0rSoKk+Zy7KE2hnujcPP1Ar:6lSoykxveSoKk+ZUXpjW14 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8b0ef871f62ac516 |
|
VISUAL
aHash
|
001f3f0f070109ff |
|
VISUAL
dHash
|
29fbebebea8b9b3d |
|
VISUAL
wHash
|
003f7f0f0f0109ff |
|
VISUAL
colorHash
|
03200200018 |
|
VISUAL
cropResistant
|
29f3ebebea9b9b3c,aa80a0a6a6c080a2,297bebebebea9b9b,4786c79f16595c72,0319999010101001,7535317b6d3b8f8f |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 270 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
Pages with identical visual appearance (based on perceptual hash)