Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D151BFB175780D1F3B7B82C4996AEE2422AFF38AF05A9C7169BC106C0EC3D66F483055 |
|
CONTENT
ssdeep
|
24:hRxdC7AygSWqJJELX8HdyPe3TRf49Jq2jPdjoulfrkB9Kvai2P20tcMRTbhlrzJp:Tx+JBAkT5aCliannVXtvbUFQuE7cAFZ |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a6cc8d339999666c |
|
VISUAL
aHash
|
7fe7e7e7c3e7e7ff |
|
VISUAL
dHash
|
b04c0c0c8e4c0c0c |
|
VISUAL
wHash
|
33a32323c0c0c8c0 |
|
VISUAL
colorHash
|
07001000c00 |
|
VISUAL
cropResistant
|
b04c0c0c8e4c0c0c |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.