Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1CC720C75722422B05E0343EBAF1213F9B31393BCD9225799D3A9C25476898FC8A57EC6 |
|
CONTENT
ssdeep
|
192:QoloBYJ5J96u9BtAsu+5M3rupRsto4KPWhGnluv1zku9cuGRmKbMpBXp7sfgg8gk:Q6og7tAznapRstP6Woq1gsmMpBZ7eg/B |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
be9ad560c1a13db4 |
|
VISUAL
aHash
|
fffd81818181ffff |
|
VISUAL
dHash
|
0f5d397135550d8c |
|
VISUAL
wHash
|
ff8d01818180e7ff |
|
VISUAL
colorHash
|
0f610000000 |
|
VISUAL
cropResistant
|
0f5d397135550d8c,626ac6d6e4bcf97a,8bc370bee9b1baaa,a282c44b3351a2b2,a2a2ee3313a6a2a2,bc3cbbf17136d616 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 486 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.