Pulse Detail — Threat Intelligence

PULSE NAME

FakeWallet crypto stealer spreading in the App Store

WHITE Tr1sa111 2026-04-21 Modified: 2026-04-21

IOCs

HIGH VOLUME

↓ CSV ↓ JSON

MITRE ATT&CK & Malware Families

ATT&CK TECHNIQUES

T1539 T1555 T1036 T1608 T1041 T1027 T1553 T1573 T1056

MALWARE FAMILIES

FakeWallet SparkKitty

Indicators of Compromise (75)

All FileHash-MD5 FileHash-SHA1 FileHash-SHA256 URL domain hostname

TYPE	INDICATOR	DESCRIPTION	CREATED
FileHash-MD5	0565364633b5acdd24a498a6a9ab4eca	—	2026-04-21
FileHash-MD5	114721fbc23ff9d188535bd736a0d30e	—	2026-04-21
FileHash-MD5	19733e0dfa804e3676f97eff90f2e467	—	2026-04-21
FileHash-MD5	31d25ddf2697b9e13ee883fff328b22f	—	2026-04-21
FileHash-MD5	4126348d783393dd85ede3468e48405d	—	2026-04-21
FileHash-MD5	417ae7f384c49de8c672aec86d5a2860	—	2026-04-21
FileHash-MD5	5bdae6cb778d002c806bb7ed130985f3	—	2026-04-21
FileHash-MD5	686989d97cf0d70346cbde2031207cbf	—	2026-04-21
FileHash-MD5	79fe383f0963ae741193989c12aefacc	—	2026-04-21
FileHash-MD5	7b4c61ff418f6fe80cf8adb474278311	—	2026-04-21
FileHash-MD5	7e678ca2f01dc853e85d13924e6c8a45	—	2026-04-21
FileHash-MD5	84c81a5e49291fe60eb9f5c1e2ac184b	—	2026-04-21
FileHash-MD5	8cbd34393d1d54a90be3c2b53d8fc17a	—	2026-04-21
FileHash-MD5	8d45a67b648d2cb46292ff5041a5dd44	—	2026-04-21
FileHash-MD5	8f51f82393c6467f9392fb9eb46f9301	—	2026-04-21
FileHash-MD5	b639f7f81a8faca9c62fd227fef5e28c	—	2026-04-21
FileHash-MD5	bafba3d044a4f674fc9edc67ef6b8a6b	—	2026-04-21
FileHash-MD5	be9e0d516f59ae57f5553bcc3cf296d1	—	2026-04-21
FileHash-MD5	d138a63436b4dd8c5a55d184e025ef99	—	2026-04-21
FileHash-MD5	d48b580718b0e1617afc1dec028e9059	—	2026-04-21
FileHash-MD5	fd0dc5d4bba740c7b4cc78c4b19a5840	—	2026-04-21
FileHash-SHA1	6781288a3db42f0ddef920b37cee5ea19d1706c2	—	2026-04-21
FileHash-SHA256	ce5cb685b831d3eec4c86ca50b110827e7ad1f0e4fec41c4e4f87dcd97f262cb	—	2026-04-21
URL	https://139.180.139.209/prod-api/system/confData/getUserConfByKey/	—	2026-04-21
URL	https://6688cf.jhxrpbgq.com/6axqkwuq	—	2026-04-21
URL	https://api.dc1637.xyz	—	2026-04-21
URL	https://api.npoint.io/153b165a59f8f7d7b097	—	2026-04-21
URL	https://appstoreios.com/DjZH?key=646556306F6Q465O313L737N3332939Y353I830F31	—	2026-04-21
URL	https://crypto-stroe.cc/	—	2026-04-21
URL	https://helllo2025.com/api/open/postByTokenpocket	—	2026-04-21
URL	https://iosfc.com/ledger/ios/Rsakeycatch.php	—	2026-04-21
URL	https://kkkhhhnnn.com/api/open/postByTokenpocket	—	2026-04-21
URL	https://mgi1y.siyangoil.com/vmzLvi4Dh/1Dd0m4BmAuhVVCbzF	—	2026-04-21
URL	https://mti4ywy4.lahuafa.com/UVB2U/mw2ZmvXKUEbzI0n	—	2026-04-21
URL	https://mtjln.siyangoil.com/08dT284P/1ZMz5Xmb0EoQZVvS5	—	2026-04-21
URL	https://mziyytm5ytk.ahroar.com/kAN2pIEaariFb8Yc	—	2026-04-21
URL	https://ngy2yjq0otlj.ahroar.com/17pIWJfr9DBiXYrSb	—	2026-04-21
URL	https://ngy2yjq0otlj.ahroar.com/EpCXMKDMx1roYGJ	—	2026-04-21
URL	https://nmu8n.com/tpocket/ios/Rsakeyword.php	—	2026-04-21
URL	https://ntm0mdkzymy3n.oukwww.com/7nhn7jvv5YieDe7P?0e7b9c78e=686989d97cf0d70346cbde2031207cbf	—	2026-04-21
URL	https://ntm0mdkzymy3n.oukwww.com/jFms03nKTf7RIZN8?61f68b07f8=0565364633b5acdd24a498a6a9ab4eca	—	2026-04-21
URL	https://nziwytu5n.lahuafa.com/10RsW/mw2ZmvXKUEbzI0n	—	2026-04-21
URL	https://odm0.siyangoil.com/TYTmtV8t/JG6T5nvM1AYqAcN	—	2026-04-21
URL	https://sxsfcc.com/api/open/postByTokenpocket	—	2026-04-21
URL	https://www.gxzhrc.cn/download/	—	2026-04-21
URL	https://xz.apps-store.im/CqDq?key=646R563V6F6Y465K313J737G343C3352383R336O35	—	2026-04-21
URL	https://xz.apps-store.im/DjZH?key=646B563L6F6N4657313B737U3436335E3833331737	—	2026-04-21
URL	https://xz.apps-store.im/s/dDan?key=646756376F6A465D313L737J333993473233038L39&c=	—	2026-04-21
URL	https://xz.apps-store.im/s/iuXt?key=646Y563Y6F6H465J313X737U333S9342323N030R34&c=	—	2026-04-21
URL	https://yjzhengruol.com/s/3f605f	—	2026-04-21
URL	https://zdrhnmjjndu.ulbcl.com/7uchSEp6DIEAqux?a3f65e=417ae7f384c49de8c672aec86d5a2860	—	2026-04-21
URL	https://zdrhnmjjndu.ulbcl.com/tWe0ASmXJbDz3KGh?4a1bbe6d=31d25ddf2697b9e13ee883fff328b22f	—	2026-04-21
URL	https://zmx6f.com/btp/ios/receiRsakeyword.php	—	2026-04-21
domain	appstoreios.com	—	2026-04-21
domain	crypto-stroe.cc	—	2026-04-21
domain	helllo2025.com	—	2026-04-21
domain	iosfc.com	—	2026-04-21
domain	kkkhhhnnn.com	—	2026-04-21
domain	nmu8n.com	—	2026-04-21
domain	sxsfcc.com	—	2026-04-21
domain	yjzhengruol.com	—	2026-04-21
domain	zmx6f.com	—	2026-04-21
hostname	6688cf.jhxrpbgq.com	—	2026-04-21
hostname	api.dc1637.xyz	—	2026-04-21
hostname	mgi1y.siyangoil.com	—	2026-04-21
hostname	mti4ywy4.lahuafa.com	—	2026-04-21
hostname	mtjln.siyangoil.com	—	2026-04-21
hostname	mziyytm5ytk.ahroar.com	—	2026-04-21
hostname	ngy2yjq0otlj.ahroar.com	—	2026-04-21
hostname	ntm0mdkzymy3n.oukwww.com	—	2026-04-21
hostname	nziwytu5n.lahuafa.com	—	2026-04-21
hostname	odm0.siyangoil.com	—	2026-04-21
hostname	www.gxzhrc.cn	—	2026-04-21
hostname	xz.apps-store.im	—	2026-04-21
hostname	zdrhnmjjndu.ulbcl.com	—	2026-04-21

References (1)

↗ https://securelist.com/fakewallet-cryptostealer-ios-app-store/119474/