Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T16F04B8B7E204516D43A3D3DC97B13439E25355ADEFC6054AE2948AE770C1CE8C8AE8E7 |
|
CONTENT
ssdeep
|
1536:mgedrGF/UEMGucIXbppDlOfMqYyZvS+ZTSbOLevR6J9wiQrnr1UAMG4Sucg7f1mK:QduzI+WR6J9QPaR6J9QPn |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8fa5f08f4bf0055a |
|
VISUAL
aHash
|
7fff1f1d3d3ffcf8 |
|
VISUAL
dHash
|
51697569696069e9 |
|
VISUAL
wHash
|
3f3f0c1c1c3ffc00 |
|
VISUAL
colorHash
|
07000008441 |
|
VISUAL
cropResistant
|
51697569696069e9,f6f2b61131aaaaf2,e648e8c88ae6e6f1 |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Malicious code is obfuscated using 2088 techniques to evade detection by security scanners and make reverse engineering more difficult.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.