Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T196B249B1A0020AA242FB9DC2E5617F2E76D7F30F8526C9857ABC958A1FD3CF5F521060 |
|
CONTENT
ssdeep
|
192:6jVRYaZ95PETJs0vN9HhlFOFqF9NF4F/FqFNF4F9FqFUF4FOgFqF1F4F+FqF/F4H:KrSHhKF1FOFOqF2FDcMwaD |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
a6336633998ccd99 |
|
VISUAL
aHash
|
c3c3ffffffefffff |
|
VISUAL
dHash
|
0f0d160c1c0c0c04 |
|
VISUAL
wHash
|
c3c3c3c3c3c3c3c3 |
|
VISUAL
colorHash
|
07009400400 |
|
VISUAL
cropResistant
|
0f0d160c1c0c0c04,8080c0d0d0808093,b28092d2f0d694a2 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 28 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.