Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FC03637472A21477916B8AF3F1627739B0B8C74CDE2785A5F3FC43591BC9C21AB012A5 |
|
CONTENT
ssdeep
|
384:ooNOdmPARgCPARgf/P9anYVRxU26z261L/PZd4sbxgLqzHNsw:18dzwA/PmYVRY/xd4sFgLqzHNX |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8faa2aa89795d878 |
|
VISUAL
aHash
|
1f01183e3c180080 |
|
VISUAL
dHash
|
fb03b160f0300331 |
|
VISUAL
wHash
|
ff033d7f3c3c8080 |
|
VISUAL
colorHash
|
30200018001 |
|
VISUAL
cropResistant
|
74f6071717171717,d9d99e0e2e2949c9,054dd9d9d1333317,fb03b160f0300331 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 13 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.