Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T17AE2EC66C1629EBB0523D1D2DAE0AF2BF3810189CA930E4533F9D72B9B9FD80DC51657 |
| CONTENT ssdeep | 384:QzY6uPQCwmBuoQ0ZRPbPw1uPSl1OjAM4hknbGKckIQ8E:QzY6uPQpm4oQURPbRA1Oj1nb3ckIQ8E |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 93d66d61636d6143 |
| VISUAL aHash | 00ffffffff1c0000 |
| VISUAL dHash | d4f06868c0503270 |
| VISUAL wHash | 00ffffffff000000 |
| VISUAL colorHash | 07000000e00 |
| VISUAL cropResistant | f07068e87068d8d0,3644c4c808225858,1030327070701008 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real time.
Malicious code is obfuscated using 962 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.