Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T1FAC163359461AE37548791D5EBF2A31FA6A18349C3271E0563F483AEAFC6F59CC13086 |
|
CONTENT
ssdeep
|
48:xNpQbqwBOjzTCsRHgWTiS04YsN1i204mNCRfFQmc7IKfi60CbOz+wt89V3Lz74p+:xs89HdTiSD3N1i2Dt5c+wxfpHjz9 |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
e4ec4b1bb03666e1 |
|
VISUAL
aHash
|
fffff7d7ff000000 |
|
VISUAL
dHash
|
2d1227253642d4d4 |
|
VISUAL
wHash
|
fffbd3d7d7000000 |
|
VISUAL
colorHash
|
060020001c0 |
|
VISUAL
cropResistant
|
2f20022725b5344b,083032100994c201,922a9696b6b69292,107068c4d4d4d4c0 |
• Ameaça: Possível site de phishing imitando imToken
• Alvo: Usuários do imToken em todo o mundo
• Método: Enganar usuários para baixar um aplicativo potencialmente malicioso
• Exfil: Nenhuma exfiltração direta detectada, mas risco de malware
• Indicadores: Domínio não coincidente, registro de domínio recente, sem formulários visíveis
• Risco: ALTO - Possibilidade de distribuição de malware
The phishing kit is designed to capture user credentials by presenting a fake login interface that mimics the imToken wallet. Submitted credentials are likely transmitted to an attacker-controlled server in real-time.
The kit includes functionality to intercept one-time passwords (OTPs), which are often used as a secondary authentication factor. This allows attackers to bypass 2FA protections and gain unauthorized access to victim accounts.
JavaScript file potentially used for generating or manipulating QR codes to facilitate credential harvesting.
Pages with identical visual appearance (based on perceptual hash)