Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17A5419BFA32852F9E106C7DCDA52E038316E24FE3B6183A8E7594F36B5148DD8C55D82 |
|
CONTENT
ssdeep
|
1536:XX8Ucshc9BoUpQ5LToa0ZvqLDTKc9BoUpQ5RyiyOYjyty2ByayVgHOWIbZHReYwL:fc9HQsc9HQtAGyczQgdt |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
963c69969c6db494 |
|
VISUAL
aHash
|
366460143e3e3c3c |
|
VISUAL
dHash
|
a4ccdcf4e4c4c8c4 |
|
VISUAL
wHash
|
166660343e7e3c7c |
|
VISUAL
colorHash
|
3800a000240 |
|
VISUAL
cropResistant
|
727130d2c96b72f2,a4ccdcf4e4c4c8c4 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 67 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.