Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T135C42CB1A0142C3B01DBC3D4F7A46707B3A4D349EA0A41919FE8DF982FD6E60EE1A55D |
|
CONTENT
ssdeep
|
6144:VeXeMwh29ypLXyjy1Vv/iqDw5Gu9T1Vg04yzBWwW:VeXeMwh29yJXyjy1Vv/iqDGz1T0V |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b9c7c6b0c11e3a39 |
|
VISUAL
aHash
|
ffff8d8d8f8f8f9f |
|
VISUAL
dHash
|
653239191b3e3c3b |
|
VISUAL
wHash
|
80f8888d8f8f8f8f |
|
VISUAL
colorHash
|
06001000040 |
|
VISUAL
cropResistant
|
653239191b3e3c3b,53f3d3c74b4f8fa3,ea526a6aaaaaaaaa |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 1083 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.