Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T18AF14A70430294BEA6E3FAD493633F16A1C7C130E25FC65A9AD44A5E8EC6FF0C985321 |
|
CONTENT
ssdeep
|
96:/Xzi44hpp5LJpiGcnllOGj+2BN6+23lr28ICz4+4n4Vx494kHA:/Xzi1g/llOGjhk12854+4n4r494kHA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
8e36e359f119dc03 |
|
VISUAL
aHash
|
c2b71717171320ff |
|
VISUAL
dHash
|
1e6466b6b667ebcb |
|
VISUAL
wHash
|
80b717170f1b20ff |
|
VISUAL
colorHash
|
06200010011 |
|
VISUAL
cropResistant
|
c2b0c68f93212040,6c65a6b6b663cbcb,1a6c66a6b62762cb,1f03c9552fc3e6f6,71b33b1a3234381b,c0d4d6d87a6c2a2e |
Victim enters username and password into fake login form. Credentials are captured via JavaScript and exfiltrated to attacker's server in real-time.
Victim is prompted for 2FA code after entering credentials. The code is intercepted and used by attacker to access victim's account in real-time.
Drainer supports multiple blockchain networks and checks for high-value tokens on each chain before executing drain operations.