Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content

| Algorithm | Hash Value |
|---|---|
| CONTENT TLSH | T10641337B4108D01B134383D1B7E6317AFD43035BDB4219A1E2F703BED674BA6986514B |
| CONTENT ssdeep | 48:0XUCcTNmTNMTNmTNMCvTNmTNMTNmOTNMVcp3gtIo8UpewW5/9Kn0ULkm:0TTO8wn8NwW5VE0Ed |

Used to detect visually similar phishing pages based on screenshots

| Algorithm | Hash Value |
|---|---|
| VISUAL pHash | 86426934749bc76f |
| VISUAL aHash | 00387c3c363e0921 |
| VISUAL dHash | e6e1e9f4e46473c2 |
| VISUAL wHash | 00387c7e363e1b73 |
| VISUAL colorHash | 1a600001000 |
| VISUAL cropResistant | b6a66da92d65929a,9c2a6b559a555b5a,3336e2a2c932c303,b121751514351595,e6e1e9f4e46473c2 |

The victim enters a username and password into a fake login form. Credentials are captured via JavaScript and exfiltrated to the attacker's server in real time.
Malicious code is obfuscated using 902 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.