Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T1C9241AF66120567AE483E3F8EF315A6DF256A1D9EF020685C3E84B0CB6B7CA5CC125D1 |
| CONTENT ssdeep | 1536:XWYwnAijUDmI+eo3cYwIvHUDj6z3ZDG31YnHTtl/H2ShNSlAYCX65vBu81q25Vep:XKv3NG31oDh6nq2k |

Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | e8c1171c3ca6c7f4 |
| VISUAL aHash | 3f79fbf1c1110101 |
| VISUAL dHash | 7293cb83b3f3a3f3 |
| VISUAL wHash | ff79ffe1c1110101 |
| VISUAL colorHash | 300000001c0 |
| VISUAL cropResistant | 7293cb83b3f3a3f3 |

The victim enters a username and password into a fake login form. The credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
The malicious code is obfuscated using 392 techniques to evade detection by security scanners and to make reverse engineering more difficult.
The drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.