Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1ED23A875660151AB03BBD8C1E6617F1FB6C6F30F81068556ABBCD18A2FC3C76B721162 |
|
CONTENT
ssdeep
|
384:yxxlxfoTSlvzxJzjrFWF3FJFQDF8FHFkFjFiF/FaDNlaUhbA+n4NJ0LZma86AadE:yxxlxkSBVC1LQZUlM5mNz1MZ1U |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b33366cccccccc89 |
|
VISUAL
aHash
|
e7c3e7ffe7fffff7 |
|
VISUAL
dHash
|
8c4d4c0c0c0c1404 |
|
VISUAL
wHash
|
42c3c3e3c7c3c3c3 |
|
VISUAL
colorHash
|
07002000180 |
|
VISUAL
cropResistant
|
8c4d4c0c0c0c1404,8796c496f6d6c6e6 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 25 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.