Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1D76529B0D52C65BD404B53D19530AEBC33A921A1FA13461087FC97BE9BD3E8ADE0B52D |
|
CONTENT
ssdeep
|
12288:ppplGujfJmM67CDLJ9uMJ6xvrHBnNHySFMF+1pd50sZrdmS2U9qj2U9q5L55D5xH:npg55D5nSi |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
cdd6a2f1b0c788c6 |
|
VISUAL
aHash
|
ff1038180018390b |
|
VISUAL
dHash
|
8e717170505257f5 |
|
VISUAL
wHash
|
ff1038182838ff1f |
|
VISUAL
colorHash
|
120020000c0 |
|
VISUAL
cropResistant
|
c0d44006a6e08600,89696fcc712bcce0,aaf21424eb333333,fcb67cf8dae4f9f9,71717030505357f5 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 367 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.