Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T12FE3B710D200142D91D3E5C278B74B6D66F58306C7025A68F9EE4FB8C7DEDA8F7A7988 |
|
CONTENT
ssdeep
|
1536:OszKJsIxYMm4vklN979rcllVlx3llcFlCTl1QlFelG5l1g52lyot+DH7vRflwl0n:OJ5m597y+HlyItOoOglyItOoOewMcx |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d1f986a89af8826d |
|
VISUAL
aHash
|
fffee4cc0000003c |
|
VISUAL
dHash
|
3b5ecc985251c9f4 |
|
VISUAL
wHash
|
ffffeecc0000007e |
|
VISUAL
colorHash
|
090030002c0 |
|
VISUAL
cropResistant
|
0b0b403c3c30309c,f958b2d373929393,5c1c1c0c058409c5,1c1c1c0c051409c5,7360d97970763636,65eaea6a6a00c282,3c5e881856d1c9f4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 98 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.