Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T17BB2E1B1E0025AA296FB9DC1E5617E1E62D7F30F8526C9943ABCD98A1FC3CF5F521060 |
|
CONTENT
ssdeep
|
192:6OVRQF1JG4rSFyFO4FDYFZMw/lpzBNWDNZmZ/x34u3UlXBAK4f6h4YuRKxp5MiTt:dy1JGOSFyFO4FDYFZMpuah5Tt |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
b333339999999938 |
|
VISUAL
aHash
|
c7c3c3ffffffffff |
|
VISUAL
dHash
|
0d4d4d000c0c0c0c |
|
VISUAL
wHash
|
c3c3c3c3c3c3c3c3 |
|
VISUAL
colorHash
|
07001600000 |
|
VISUAL
cropResistant
|
0d4d4d000c0c0c0c,c0d00292f0d49429 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 25 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.