Pulse name: CoolClient Updates to Deploy Browser Login Data Stealer
WHITE cryptocti 2026-01-29 Modified: 2026-02-28
22 IOCs
MEDIUM VOLUME
The CoolClient malware is distributed through DLL sideloading, leveraging legitimate signed executables to load malicious DLLs and evade security detection. This technique allows the attackers to establish persistence while appearing as trusted software activity on the compromised system.
Indicators of Compromise (3 / 22 total)
TYPE INDICATOR DESCRIPTION CREATED
FileHash-SHA256 04c8584fdf34ad59192809c8934c6aef0617fef4faf5ad918da68576d9733af9 SHA256 of aeb25c9a286ee4c25ca55b72a42efa2c 2026-01-29
FileHash-SHA256 8c410fc956149cb88d3a7a1bf92d065bf916296ff63065785a1dc1b8045af40a SHA256 of 1a61564841bbbb8e7774cbbeb3c68d5d 2026-01-29
FileHash-SHA256 941993f885957176d75f24ef3f8935ecb589bb9b445bb0d71fb18b65e61b6ee4 SHA256 of e1b7ef0f3ac0a0a64f86e220f362b149 2026-01-29