IOC - LeakyInjector and LeakyStealer Duo Hunts For Crypto and Browser History
WHITE celestre 2025-11-12 Modified: 2025-11-12
Hybrid Analysis has analyzed a new two-stage malware that we’re naming LeakyInjector and LeakyStealer. The duo performs reconnaissance on an infected machine and targets multiple crypto wallets, including browser extensions corresponding to crypto wallets. The malware also looks for browser history files from Google Chrome, Microsoft Edge, Brave, Opera, and Vivaldi.
Indicators of Compromise (7)
TYPE  INDICATOR  DESCRIPTION  CREATED
FileHash-MD5 6acc510b440225207a4738fbc0d3b967 MD5 of 88e0c1652eb91c517a5fec9d356c7f30c0136d544f5d55ac37f20c5612134efb 2025-11-12
FileHash-MD5 85a42f527518ec7b089d9c130c0348d5 MD5 of 9b8bd9550e8fdb0ca1482f801121113b364e590349922a3f7936b2a7b6741e82 2025-11-12
FileHash-SHA1 5f5ca86971db840c0864e506d1e5a8ec990a65f1 SHA1 of 88e0c1652eb91c517a5fec9d356c7f30c0136d544f5d55ac37f20c5612134efb 2025-11-12
FileHash-SHA1 8cac48920f240c442bfc6c57a9c5e6ef41172139 SHA1 of 9b8bd9550e8fdb0ca1482f801121113b364e590349922a3f7936b2a7b6741e82 2025-11-12
FileHash-SHA256 88e0c1652eb91c517a5fec9d356c7f30c0136d544f5d55ac37f20c5612134efb 2025-11-12
FileHash-SHA256 9b8bd9550e8fdb0ca1482f801121113b364e590349922a3f7936b2a7b6741e82 2025-11-12
domain everstead.group 2025-11-12