PULSE NAME
CoolClient Updates to Deploy Browser Login Data Stealer
WHITE cryptocti 2026-01-29 Modified: 2026-02-28
22 IOCs (MEDIUM VOLUME)
The CoolClient malware is distributed through DLL sideloading, leveraging legitimate signed executables to load malicious DLLs and evade security detection. This technique allows the attackers to establish persistence while appearing as trusted software activity on the compromised system.
Indicators of Compromise (3 / 22 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA1 78cee623d06696ee31b25aa4e1b07c5724b1f7b7 SHA1 of e1b7ef0f3ac0a0a64f86e220f362b149 2026-01-29
FileHash-SHA1 83162af628c523c7800f28e6d0ec2a2405ea1c1c SHA1 of 1a61564841bbbb8e7774cbbeb3c68d5d 2026-01-29
FileHash-SHA1 dfa6f86f2646b202e4d5ff64d5843a44a0662414 SHA1 of aeb25c9a286ee4c25ca55b72a42efa2c 2026-01-29