Detailed analysis of captured phishing page
Used to detect similar phishing pages based on HTML content
| Algorithm | Hash Value |
|---|---|
|
CONTENT
TLSH
|
T10C022279A045B93341C7D2E6AB3917ABB7D18283CA93060623F9C35C9FE7D49CD1A523 |
|
CONTENT
ssdeep
|
96:TqCIbcs4SZSZSoc8rIxCvWLNefDnwleWQe8u88UQHFdj42VtKeeA:G1bc4IIozI1eLK1Qe8u88VF6LA |
Used to detect visually similar phishing pages based on screenshots
| Algorithm | Hash Value |
|---|---|
|
VISUAL
pHash
|
d2e46d33130ec3e3 |
|
VISUAL
aHash
|
c0c0f47c6c2c0000 |
|
VISUAL
dHash
|
8407c9e9c9c92070 |
|
VISUAL
wHash
|
e0e3fffc6c2c0818 |
|
VISUAL
colorHash
|
38000038000 |
|
VISUAL
cropResistant
|
8407c9e9c9c92070 |
• Ameaça: Malware/Phishing
• Alvo: Usuários de criptomoedas
• Método: Distribuição de APK malicioso
• Exfil: Frases semente/chaves privadas
• Indicadores: Download de APK não oficial
• Risco: Alto (perda de ativos)
Distributing a trojanized or malicious APK under the name of a legitimate financial service to gain control over user crypto wallets.
The fake app UI inside the mockup implies a standard sign-in/import flow designed to capture keys.