Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1AFC43CB1A0102C7B01DB83D4F7B4670BB3A4D349EA0A45919BF8DF982FD6E60DE1A51D |
|
CONTENT
ssdeep
|
6144:g64HeIw12fMp1dyZy5Vp/NeAww5fu9M1aR04yzE/AW:g64HeIw12fMfdyZy5Vp/oAwGx1JWF |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
fa2443655c34e6e3 |
|
VISUAL
aHash
|
e064c79f98c7c5d8 |
|
VISUAL
dHash
|
06cc0d35310d1931 |
|
VISUAL
wHash
|
e024c79f9cc7c598 |
|
VISUAL
colorHash
|
03200030000 |
|
VISUAL
cropResistant
|
0000000000004068,4d3c30311d0d3931,b2e2b272e2b634a8,8c0d4ccc2c298e8c,464646064e0c8c04,cc4d3d3431150d0d,90c06143870e6363,aaabaa6a4aa96aea |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 714 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.