PULSE NAME
IOC - OpenClaw’s Hologram: Fake Installer Ships Rust Infostealer
WHITE celestre 2026-05-11 Modified: 2026-05-11
40 IOCs
MEDIUM VOLUME
Netskope Threat Labs has found a fake OpenClaw installer delivering red-team-grade capabilities—all pointed at stealing credentials from over 250 crypto wallet and password manager extensions. The dropper’s manifest doesn’t hide the intent: “Hologram – Decoy entity generator for tactical misdirection.”
Indicators of Compromise (40)