Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1F3732593A109E8E766B39BD0F413AF06E262E30A843DD6B7659DE141DEE7CF07B40464 |
|
CONTENT
ssdeep
|
1536:u0HShN4FuVF5A+FwQyF41ZDFm6+FuGoY9EF+EZ417gNiCKH/8e4IXoIuOSbYKLW0:38 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e0602489d67f5b5e |
|
VISUAL
aHash
|
434300c0ffff0000 |
|
VISUAL
dHash
|
86861980b1b36955 |
|
VISUAL
wHash
|
434300e0fffffd00 |
|
VISUAL
colorHash
|
02000000c00 |
|
VISUAL
cropResistant
|
a280801a3a80a0a2,a292642d1b338ca2,323b692dcd8d3557,c0e0319193927073,88869686619615c0,737b8402085d552d |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 70 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.
Pages with identical visual appearance (based on perceptual hash)