Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T14C530C70A841EC3700CB96C562364B2A62F6D345CA531649BAF9D3ED1FEBC68DE73250 |
| CONTENT ssdeep | 1536:qzLsIxcUJ9zY1yiu0SsX7opohorEr1fjSVv8SSLAnLV+79F:qPYg8torYf9SSLAnLV+7T |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 930d6c43f296749e |
| VISUAL aHash | 00091f2f2d2c3fff |
| VISUAL dHash | 969bfecdc9c9e995 |
| VISUAL wHash | 00091f2f0d2d1fff |
| VISUAL colorHash | 18200038000 |
| VISUAL cropResistant | e1e4c684a4643693,d1e9e9dbea6ed4c9,feddc9f9c9e9e995,6d6dd5fdbd9de9e8,969bbbdcc9d9c9e9,404143a98d5badac |
The victim enters a username and password into a fake login form. Credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 80 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.