Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T181A49A3EB3040775DA1A47CCD6E1AA25102D65CF25B05AD8FB3A02B6F71CCED287365A |
|
CONTENT
ssdeep
|
1536:Vu/eVeEMuyxMyi0i01Myi0i0YnyjMf8DZ+WpvQRPNIPhM3hvo3kPPkPP7aKvaMfD:Vu/SnyjMf8o5tga4Bi+HCJ/HySJA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cc6cac9a39b1929e |
|
VISUAL
aHash
|
9991f240103cffff |
|
VISUAL
dHash
|
2327a6d665e56555 |
|
VISUAL
wHash
|
9bd13000043cffff |
|
VISUAL
colorHash
|
06007000040 |
|
VISUAL
cropResistant
|
2327a6d665e56555,03c3439494941543,5165697979655943,044453cccd536969 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 83 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer checks balances of popular ERC-20 tokens (USDT, USDC, DAI, etc.) and only proceeds if total value exceeds minimum threshold.